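DAVTest Package Description

DAVTest tests WebDAV-enabled servers by uploading test executable files and then (optionally) uploading files that allow command execution or other actions directly on the target. It is meant for penetration testers to quickly and easily determine whether enabled DAV services are exploitable. DAVTest supports:

  • Automatically sending exploit files
  • Automatic randomization of the directory name to help hide files
  • Sending text files and trying to MOVE them to an executable name
  • Basic and Digest authorization
  • Automatic clean-up of uploaded files
  • Sending an arbitrary file

Source: https://code.google.com/p/davtest/

DAVTest Homepage | Kali DAVTest Repo

  • Author: Sunera, LLC.
  • License: GPLv3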

    0x01 Tools included in the davtest package

    davtest – Testing tool for WebDAV servers

    
    :~# davtest
    ERROR: Missing -url
    /usr/bin/davtest -url <url> [options]
    -auth+     Authorization (user:password)
    -cleanup   delete everything uploaded when done
    -directory+    postfix portion of directory to create
    -debug+    DAV debug level 1-3 (2 & 3 log req/resp to /tmp/perldav_debug.txt)
    -move      PUT text files then MOVE to executable
    -nocreate  don't create a directory
    -quiet     only print out summary
    -rand+     use this instead of a random string for filenames
    -sendbd+   send backdoors:
              auto - for any succeeded test
              ext - extension matching file name(s) in backdoors/ dir
    -uploadfile+   upload this file (requires -uploadloc)
    -uploadloc+    upload file to this location/name (requires -uploadfile)
    -url+      url of DAV location
    Example: /usr/bin/davtest -url http://localhost/davdir
    

    0x02 davtest Usage Example

    Scan the given WebDAV server (-url http://192.168.1.209):


 :~# davtest -url http://192.168.1.209
********************************************************
 Testing DAV connection
OPEN        SUCCEED:        http://192.168.1.209
********************************************************
NOTE    Random string for this session: B0yG9nhdFS8gox
********************************************************
 Creating directory
MKCOL       SUCCEED:        Created http://192.168.1.209/DavTestDir_B0yG9nhdFS8gox
********************************************************
 Sending test files
PUT asp FAIL
PUT cgi FAIL
PUT txt SUCCEED:    http://192.168.1.209/DavTestDir_B0yG9nhdFS8gox/davtest_B0yG9nhdFS8gox.txt
PUT pl  SUCCEED:    http://192.168.1.209/DavTestDir_B0yG9nhdFS8gox/davtest_B0yG9nhdFS8gox.pl
PUT jsp SUCCEED:    http://192.168.1.209/DavTestDir_B0yG9nhdFS8gox/davtest_B0yG9nhdFS8gox.jsp
PUT cfm SUCCEED:    http://192.168.1.209/DavTestDir_B0yG9nhdFS8gox/davtest_B0yG9nhdFS8gox.cfm
PUT aspx    FAIL
PUT jhtml   SUCCEED:    http://192.168.1.209/DavTestDir_B0yG9nhdFS8gox/davtest_B0yG9nhdFS8gox.jhtml
PUT php SUCCEED:    http://192.168.1.209/DavTestDir_B0yG9nhdFS8gox/davtest_B0yG9nhdFS8gox.php
PUT html    SUCCEED:    http://192.168.1.209/DavTestDir_B0yG9nhdFS8gox/davtest_B0yG9nhdFS8gox.html
PUT shtml   FAIL
********************************************************
 Checking for test file execution
EXEC    txt SUCCEED:    http://192.168.1.209/DavTestDir_B0yG9nhdFS8gox/davtest_B0yG9nhdFS8gox.txt
EXEC    pl  FAIL
EXEC    jsp FAIL
EXEC    cfm FAIL
EXEC    jhtml   FAIL
EXEC    php FAIL
EXEC    html    SUCCEED:    http://192.168.1.209/DavTestDir_B0yG9nhdFS8gox/davtest_B0yG9nhdFS8gox.html
********************************************************
/usr/bin/davtest Summary:
Created: http://192.168.1.209/DavTestDir_B0yG9nhdFS8gox
PUT File: http://192.168.1.209/DavTestDir_B0yG9nhdFS8gox/davtest_B0yG9nhdFS8gox.txt
PUT File: http://192.168.1.209/DavTestDir_B0yG9nhdFS8gox/davtest_B0yG9nhdFS8gox.pl
PUT File: http://192.168.1.209/DavTestDir_B0yG9nhdFS8gox/davtest_B0yG9nhdFS8gox.jsp
PUT File: http://192.168.1.209/DavTestDir_B0yG9nhdFS8gox/davtest_B0yG9nhdFS8gox.cfm
PUT File: http://192.168.1.209/DavTestDir_B0yG9nhdFS8gox/davtest_B0yG9nhdFS8gox.jhtml
PUT File: http://192.168.1.209/DavTestDir_B0yG9nhdFS8gox/davtest_B0yG9nhdFS8gox.php
PUT File: http://192.168.1.209/DavTestDir_B0yG9nhdFS8gox/davtest_B0yG9nhdFS8gox.html
Executes: http://192.168.1.209/DavTestDir_B0yG9nhdFS8gox/davtest_B0yG9nhdFS8gox.txt
Executes: http://192.168.1.209/DavTestDir_B0yG9nhdFS8gox/davtest_B0yG9nhdFS8gox.html
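
The run above leaves a recognizable trail in the server's access log: one MKCOL followed by PUTs of many file extensions, using the `DavTestDir_` and `davtest_` name prefixes. The following is an added example (not part of the original page or of DAVTest) that flags that pattern and lists what was actually written. The Apache-style log format, the sample lines, the function name `scan` and the extension threshold are assumptions.

```python
import re
from collections import defaultdict
from os.path import splitext

# Constructed sample: Apache combined-style access log lines (format is an assumption).
SAMPLE_LOG = '''\
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "MKCOL /DavTestDir_Xy12 HTTP/1.1" 201 0
192.0.2.10 - - [01/Jan/2024:10:00:02 +0000] "PUT /DavTestDir_Xy12/davtest_Xy12.asp HTTP/1.1" 403 0
192.0.2.10 - - [01/Jan/2024:10:00:02 +0000] "PUT /DavTestDir_Xy12/davtest_Xy12.php HTTP/1.1" 201 0
192.0.2.10 - - [01/Jan/2024:10:00:03 +0000] "GET /DavTestDir_Xy12/davtest_Xy12.php HTTP/1.1" 200 30
198.51.100.7 - - [01/Jan/2024:10:05:00 +0000] "MKCOL /tmp_a1 HTTP/1.1" 201 0
198.51.100.7 - - [01/Jan/2024:10:05:01 +0000] "PUT /tmp_a1/t.txt HTTP/1.1" 201 0
198.51.100.7 - - [01/Jan/2024:10:05:01 +0000] "PUT /tmp_a1/t.php HTTP/1.1" 201 0
198.51.100.7 - - [01/Jan/2024:10:05:02 +0000] "PUT /tmp_a1/t.jsp HTTP/1.1" 403 0
198.51.100.7 - - [01/Jan/2024:10:05:02 +0000] "PUT /tmp_a1/t.cfm HTTP/1.1" 201 0
203.0.113.4 - - [01/Jan/2024:11:00:00 +0000] "PUT /docs/report.docx HTTP/1.1" 201 0
'''

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3})')
DEFAULT_NAMES = re.compile(r'/(?:DavTestDir_|davtest_)', re.I)  # prefixes seen in the output above
WRITE_METHODS = {"MKCOL", "PUT", "MOVE"}

def scan(log_text, ext_threshold=3):
    """Return {client: {"reasons": [...], "written": [...]}} for suspicious clients."""
    seen = defaultdict(lambda: {"named": 0, "mkcol": False, "exts": set(), "written": []})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or m.group(2) not in WRITE_METHODS:
            continue
        ip, method, path, status = m.groups()
        c = seen[ip]
        c["named"] += bool(DEFAULT_NAMES.search(path))
        c["mkcol"] |= method == "MKCOL"
        if method == "PUT":
            c["exts"].add(splitext(path)[1].lower())
        if status.startswith("2"):
            c["written"].append(path)  # remains on the server unless -cleanup was used
    findings = {}
    for ip, c in seen.items():
        reasons = []
        if c["named"]:
            reasons.append("default DAVTest names")
        # Name-independent heuristic: a new collection plus uploads of many file types.
        if c["mkcol"] and len(c["exts"]) >= ext_threshold:
            reasons.append("MKCOL plus PUT of %d extensions" % len(c["exts"]))
        if reasons:
            findings[ip] = {"reasons": reasons, "written": c["written"]}
    return findings
```

The `written` list gives the paths to review and remove; the second heuristic still fires when the default name prefixes are not present in the paths.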

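Original source: https://www.hackfun.org/kali-tools/davtest_zh.html. Please credit the original source when reposting; for commercial use, contact the original author for authorization.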
