==============Only For Educational Purpose===============
What is WebDav or IIS?
WebDAV (Web-based Distributed Authoring and Versioning) also called IIS is a set of extensions to HTTP/1.1. It is an open, published standard that allows you to edit documents on a remote web server.
WebDAV supports the following features:
Editing: Create, update, and delete files.
Properties: Store metadata such as titles, author names, and publication dates. You can set, delete, and retrieve these metadata.
This attack could only be perform on IIS Vulnerable websites
in IIS vulnerable websites,
we dont need to login to upload our deface page.
So first we should have to find out IIS vulnerable websites:
I have a list of IIS vulnerable websites for group members. in the next tutorial, i'll post the method to find out them.
In this tutrial we just gonna upload our deface page.
So here we go: (for windows xp only)
right click on the desktop, new, shortcut.
write it in the box %WINDIR%\EXPLORER.EXE ,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{BDEADF00-C265-11d0-BCED-00A0C90AB50F}
Name it webdav
finish
double click on the web folder
right click, New, click on web folder
Now type the name of the Vulnerable site in the box.
Done (lolxxx now you can upload what ever you want.)
Now what we need to do is to copy deface page and paste it to the vulnerable website folder.
Happy Hacking :P
0 comments:
Post a Comment