How to Exploit WebDAV on a Server & Get a Shell

The internet has undoubtedly changed the way we work and communicate. With technological advances, more and more people can collaborate on the web from anywhere in the world. But this remote-friendly environment inherently brings security risks, and hackers are always finding ways to exploit systems for unintended uses.


WebDAV, or Web Distributed Authoring and Versioning, is a protocol that allows users to remotely collaborate and edit content on the web. It is an extension of HTTP that adds its own methods and headers on top of the standard ones.


The protocol is mainly used for remote editing and collaboration, but it can also be used to transfer files. It usually runs on port 80 by default, or sometimes port 443 for encrypted communications. While WebDAV offers users the ability and convenience to access web content from anywhere, this same remote function can be a huge security hole if not correctly configured.
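As an added example (not part of the original article), here is one way to audit your own server's reply to an HTTP `OPTIONS` request for WebDAV exposure: a WebDAV server (RFC 4918) advertises a `DAV` header and extra methods in `Allow`. The sample responses are constructed, and `audit_options_response` is a hypothetical helper name.

```python
from email.parser import Parser  # HTTP header blocks parse like RFC 5322 headers

# Methods that change server content: PUT/DELETE (HTTP) plus RFC 4918 additions.
WRITE_METHODS = {"PUT", "DELETE", "MKCOL", "COPY", "MOVE", "PROPPATCH", "LOCK"}
# Methods defined only by WebDAV (RFC 4918).
DAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}

# Constructed sample responses (not captured from a real host).
SAMPLE_DAV = (
    "HTTP/1.1 200 OK\r\n"
    "DAV: 1,2\r\n"
    "Allow: OPTIONS,GET,HEAD,POST,PUT,DELETE,PROPFIND,PROPPATCH\r\n"
    "allow: COPY, MOVE, LOCK, UNLOCK\r\n"  # repeated header, different case
    "Content-Length: 0\r\n\r\n"
)
SAMPLE_PLAIN = "HTTP/1.1 200 OK\r\nAllow: GET,HEAD,POST,OPTIONS\r\n\r\n"


def audit_options_response(raw):
    """Return WebDAV findings for one raw OPTIONS response."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    status_line, _, header_block = head.partition("\n")
    headers = Parser().parsestr(header_block, headersonly=True)

    # DAV lists compliance classes such as "1,2"; its presence means WebDAV.
    dav = [c.strip() for v in headers.get_all("DAV", [])
           for c in v.split(",") if c.strip()]
    # Allow may be repeated; header lookup is case-insensitive, so merge all.
    allowed = set()
    for value in headers.get_all("Allow", []):
        allowed.update(m.strip().upper() for m in value.split(",") if m.strip())

    parts = status_line.split()
    return {
        "status": parts[1] if len(parts) > 1 else "",
        "webdav_enabled": bool(dav) or bool(allowed & DAV_METHODS),
        "dav_classes": dav,
        "write_methods": sorted(allowed & WRITE_METHODS),
    }


if __name__ == "__main__":
    for name, raw in (("dav", SAMPLE_DAV), ("plain", SAMPLE_PLAIN)):
        print(name, audit_options_response(raw))
```

An advertised write method is only a lead: what matters for hardening is whether those methods require authentication and whether the writable directory can serve executable content.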


In this tutorial, we will be using Metasploitable 2 as our target and Kali Linux as our local machine. You can use a similar setup to follow along if you'd like.


Step 1: Check if WebDAV Is Enabled


The first thing we need to do is check if WebDAV is enabled on the target. Metasploit has a scanner we can ..
