Jump to content
ZeroCold

How to use the WebDav exploit to hack RDP's-with tools

Recommended Posts

Posted

Alright guy's today in this tutorial I'll be explaining how to use the webdav exploit. The link for the tools used for this tutorial can be found in the bottom of this tutorial. For those of you who do not know what a Webdav is here is the definition

Web-based Distributed Authoring and Versioning, or WebDAV, is a set of extensions to the Hypertext Transfer Protocol (HTTP) that allows computer-users to edit and manage files collaboratively on remote World Wide Web servers.

But fo our purpose we will be using it to exploit RDP's or the Remote Desktop Protocal. For a better understanding of these with RDP's they could range from Vp's to Dedi's to just plain old home Pc's, but no matter what it is you will gain full access to the machine and can basically do whatever you want using a shell. For those of you who are new to the hacking scene a shell is a php script that allows you to view all of the files on the server you decide to host the shell on. The most common shells are the c99 or the r57, but in this case we will be using the c99.

Now please be aware these are not the only shells available there are several posted throughout the forum and you can find them by simply using the search button located on the navbar. Now before being able to use the shell we have to find some vulnerable Ip's to gain access to for this we will be using the WebdavlinkCrawler which can be found in the webdav tools kit I have provided below here if you don't trust my download links simply don't download them it's that simple. Once you have managed to open the program you will be presented with this interface.

3j289.png

as you can see there is a Start, Stop, and Remove double. All of these terms will be explained later on, but what you are going to want to do is click the start button and it will being to search for the Ip's with webdav in them. Once you have managed to gather some ip's like you see in the picture here

Fq3EK.png

Now please be aware this was only with about 15 seconds of searching and your results may differ depending on your connection speed as well as the amount of time you run the application. After you have all of your Ip's your going to want to click one so it's highlighted and the right click it you will be presented with a popup that looks like this

28gRs.png

I have no idea what that actually means,(if someone would like to translate and tell me please feel free.) but what it is doing is copying all of the Ip's you have scanned. After you have scanned all of the Ip's your going to want to paste them in a new word document

3CofW.png

once you have done so save it as something you can remember and put it in a convenient location. After you have saved your collected webdav Ip's in a word document your going to want to open the Ip Scanner in the folder. It will look like this

sYB8n.png

what your going to want to do is click the "Get Ip's" button and browse to your recently saved text file.

After you have your ip's in place

87VSw.png

your going to want to press the scan button what this is doing is now taking all of your Webdav Ip's and figuring out which one's are vulnerable to this particular exploit. The one's on the right are the ones it scanned and if you happen to get any in the middle those are the one's you can exploit. In my case this time I didn't happen to have any that were open to this exploit because I had a limited amount of Ip's.

After you have managed to gather some ip's in the middle column and are ready to exploit the server you can just double check by going to the ip/webdav/ in your browser and Ip being one of the exploited ones you managed to get and your going to be looking for an index page that says Webdav Test page. After you have confirmed it is ready to go your going to want to open "map network drive" this can be found by either right clicking Network or my computer in the start menu.

P1ICx.png

what your going to want to click on is the hyperlink that reads " Connect to a website that you can use to store your document's and pictures. You will be presented with a screen all you have to do is click next. And the your going to want to click Choose a custom network location.

tvWW7.png

Now this is the important screen it should look like this

gn07w.png

What you have to do is put the Ip/webdav in the text box and click next

21CT2.png

you should then be prompted with a login box the default username is wampp and the default password is xampp. Once you have successfully connected you can now browse it's folder's so what you have to do now is just drag and drop the shell.php in side the main directory

li8wP.png.

After doing so go to ip/webdav/shell.php it should look like the following

aiLlM.png

Feel free to use that Ip if you are that much of a noob and cannot do anything for yourself. Once you are viewing your shell inside the execute textbox your going to want to do the following commands :

net localgroup administrators SUPPORT /Add

net user /add SUPPORT !password!

What this is doing is making the remote desktop username SUPPORT and the password !password!. So now the last and final step is to open remote desktop and connect using the Ip and the login detail's we have just created. The shell is for you to explore and discover for yourself. Now you may be wondering What can you do once your in?

Answer :

1.You can do so much! Plant Rootkits/ Upload your RAT on the server:D

2. I upload my RAT’s incase they try to take back there dedi.

3. Host a web IRC bot or Shell Booter

4. Store files or host websites or shells

5. Make a Botnet!

but one of my favorite things to do is to host a powerful DDos shell.

If you have an questions comments or concerns please feel free to post them below and I promise I will respond to every one of them no matter how ridiculous or cruel your comments or questions could be thanks for reading and I hope you learned something!

This tutorial was a proud contribute to my favorite group The Nerds more info can be found in my sig. Hope you guys join! feel free to mention my name if you do!

TOOLS:

http://dl.dropbox.com/u/18083172/Webdav%20tools.rar

Posted

Nice TUT bro.

Webdavscrawler is not working on my system, i tried with win2003/win2008 when i open it, it says somekind error 'Object does not support properly or method replace'

you have anyother option i could get this?

Thanls

**There's no knowledge where there's no knowledge**

Posted

Nice TUT bro.

Webdavscrawler is not working on my system, i tried with win2003/win2008 when i open it, it says somekind error 'Object does not support properly or method replace'

you have anyother option i could get this?

Thanks

**There's no knowledge where there's no knowledge**

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...