DAVTest

Description

DAVTest tests WebDAV-enabled servers by uploading test executable files and then, optionally, uploading files that allow command execution or other actions directly on the target. It is meant for penetration testers to quickly and easily determine whether enabled DAV services are exploitable.

DAVTest supports:

  • Automatically send exploit files

  • Automatic randomization of directory to help hide files

  • Send text files and try MOVE to executable name

  • Basic and Digest authorization

  • Automatic clean-up of uploaded files

  • Send an arbitrary file

Usage

Syntax

davtest -url <url> [options]

Options

 -auth+        Authorization (user:password)
 -cleanup      delete everything uploaded when done
 -directory+   postfix portion of directory to create
 -debug+       DAV debug level 1-3 (2 & 3 log req/resp to /tmp/perldav_debug.txt)
 -move         PUT text files then MOVE to executable
 -nocreate     don't create a directory
 -quiet        only print out summary
 -rand+        use this instead of a random string for filenames
 -sendbd+      send backdoors:
                 auto - for any succeeded test
                 ext - extension matching file name(s) in backdoors/ dir
 -uploadfile+  upload this file (requires -uploadloc)
 -uploadloc+   upload file to this location/name (requires -uploadfile)
 -url+         url of DAV location

Example

cyborg@cyborg:~$ davtest -url http://192.168.1.15
********************************************************
 Testing DAV connection
OPEN SUCCEED: http://192.168.1.15
********************************************************
NOTE Random string for this session: W0dhd5dEHEn3jd
********************************************************
 Creating directory
MKCOL SUCCEED: Created http://192.168.1.15/DavTestDir_W0dhd5dEHEn3jd
********************************************************
 Sending test files
PUT asp FAIL
PUT cgi FAIL
PUT txt SUCCEED: http://192.168.1.15/DavTestDir_W0dhd5dEHEn3jd/davtest_W0dhd5dEHEn3jd.txt
PUT pl SUCCEED: http://192.168.1.15/DavTestDir_W0dhd5dEHEn3jd/davtest_W0dhd5dEHEn3jd.pl
PUT jsp SUCCEED: http://192.168.1.15/DavTestDir_W0dhd5dEHEn3jd/davtest_W0dhd5dEHEn3jd.jsp
PUT cfm SUCCEED: http://192.168.1.15/DavTestDir_W0dhd5dEHEn3jd/davtest_W0dhd5dEHEn3jd.cfm
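
Detecting a run like this on the server side

The run above leaves a recognisable trail in the web server's access log: a MKCOL followed by PUTs of one base name under several extensions. The following is an added example, not part of DAVTest or the original page. It assumes common-log-format lines; the log lines are constructed, and find_dav_probes, its min_exts threshold and the /tmp_z9/probe names are hypothetical. It goes beyond the DavTestDir_ and davtest_ names in the sample output by also flagging the same behaviour under other names.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed access-log lines (common log format); addresses are documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2017:10:00:01 +0000] "MKCOL /DavTestDir_Ab12Cd34 HTTP/1.1" 201 0
198.51.100.7 - - [01/Jan/2017:10:00:02 +0000] "PUT /DavTestDir_Ab12Cd34/davtest_Ab12Cd34.asp HTTP/1.1" 403 0
198.51.100.7 - - [01/Jan/2017:10:00:02 +0000] "PUT /DavTestDir_Ab12Cd34/davtest_Ab12Cd34.txt HTTP/1.1" 201 0
198.51.100.7 - - [01/Jan/2017:10:00:03 +0000] "MOVE /DavTestDir_Ab12Cd34/davtest_Ab12Cd34.txt HTTP/1.1" 201 0
203.0.113.9 - - [01/Jan/2017:11:00:00 +0000] "PUT /docs/report.docx HTTP/1.1" 201 0
203.0.113.5 - - [01/Jan/2017:12:00:00 +0000] "MKCOL /tmp_z9 HTTP/1.1" 201 0
203.0.113.5 - - [01/Jan/2017:12:00:01 +0000] "PUT /tmp_z9/probe.php HTTP/1.1" 201 0
203.0.113.5 - - [01/Jan/2017:12:00:01 +0000] "PUT /tmp_z9/probe.pl HTTP/1.1" 201 0
203.0.113.5 - - [01/Jan/2017:12:00:02 +0000] "PUT /tmp_z9/probe.cfm HTTP/1.1" 403 0
"""

WRITE_METHODS = ("MKCOL", "PUT", "MOVE", "DELETE")
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
NAMED = re.compile(r'/DavTestDir_[^/]*|/davtest_[^/]*\.\w+$')  # names from the sample output

def find_dav_probes(log_text, min_exts=3):
    """Return {client: finding} for clients whose WebDAV writes look like an upload probe."""
    puts = defaultdict(lambda: defaultdict(dict))  # client -> path stem -> {ext: status}
    named, methods = set(), defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or m.group(2).upper() not in WRITE_METHODS:
            continue
        client, method = m.group(1), m.group(2).upper()
        path, status = unquote(m.group(3)), int(m.group(4))
        methods[client].add(method)
        if NAMED.search(path):
            named.add(client)
        if method == "PUT" and "." in path.rsplit("/", 1)[-1]:
            stem, ext = path.rsplit(".", 1)
            puts[client][stem][ext.lower()] = status
    findings = {}
    for client in methods:
        # Behavioural indicator: one base name written under several extensions.
        _, exts = max(puts[client].items(), key=lambda kv: len(kv[1]), default=("", {}))
        if client in named or len(exts) >= min_exts:
            findings[client] = {
                "name_match": client in named,
                "methods": sorted(methods[client]),
                "accepted": sorted(e for e, s in exts.items() if 200 <= s < 300),
                "rejected": sorted(e for e, s in exts.items() if s >= 400),
            }
    return findings
```

The "accepted" list shows which extensions the server let through, which is the part to fix first: restrict or disable PUT/MKCOL/MOVE on the affected location.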