From the course: Penetration Testing Web Apps with Kali and Burp Suite
Join today to access over 24,900 courses taught by industry experts.
Exploiting through an ASPX shell with Cadaver
From the course: Penetration Testing Web Apps with Kali and Burp Suite
Exploiting through an ASPX shell with Cadaver
- Web distributed authoring and versioning, WebDAV, is an extension of HTTP that allows clients to perform remote web content authoring operations. For WebDAV sites, which also allow HTTP messages, there's a very effective tool we can use to upload a shell. The tool's called cadaver and it's simple to use. Cadaver supports file upload, download, on-screen display, move and copy, collection creation and deletion, and locking operations. As a PEN tester, the main use we have for it is to upload a file, typically a web shell. Cadaver uses a command line syntax similar to FTP. Let's look at the manual documentation for it. - [Male voice on WebDAV Program] Man cadaver. - It has a number of options but we won't be using any of them. We will, however, be using its commands. We can see that it has a lot of useful bash light commands for testing. And there's also a number of commands relating to collections, which are, to…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.
Contents
-
-
-
-
-
-
-
(Locked)
Exploiting your way into the gym4m
-
(Locked)
Exploiting through an ASPX shell with Cadaver4m 58s
-
(Locked)
Checking web page source1m 50s
-
(Locked)
Injecting HTML into a web page4m 6s
-
(Locked)
Exploiting tools left on websites2m 31s
-
(Locked)
Injecting SQL using Burp Suite3m 45s
-
(Locked)
Exploiting Node.js5m 55s
-
(Locked)
Injecting XML into a web page1m 55s
-
(Locked)
File access through a web application URL1m 32s
-
(Locked)
-
-