In this post, I would like to talk about DAVTest, a tool that can be found in Kali Linux. Before we go deeper into using DAVTest, we need to understand what WebDAV vulnerabilities are from a security point of view.
WebDAV, also known as Web Distributed Authoring and Versioning, is a protocol that enables users to access a web server to share, copy, move, and modify files.
For those who are not familiar with the tool, DAVTest checks and tests vulnerable servers that have WebDAV enabled, a condition that gives an attacker the chance to upload executable files and malicious code files, such as command execution, to the target's server.
To run DAVTest on a Kali Linux machine, type the command davtest in the terminal.
DAVTest normally supports the following:
- Automatic sending and uploading of the exploit files, with randomization of the directory
- Basic and Digest authorization
- Automatic clean-up of the uploaded files once the exploit has completed
- The uploaded file can be an arbitrary file
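Added example (not part of the original post and not DAVTest's own code): a defender-side check that looks through web server access logs for the pattern described in the list above, where a client creates a directory, uploads a script file, requests it, and then deletes it. The log format, the extension list, and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines (common log format assumed; documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "MKCOL /dav/tmp_k3Jq9x/ HTTP/1.1" 201 0
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "PUT /dav/tmp_k3Jq9x/probe.php HTTP/1.1" 201 0
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "PUT /dav/tmp_k3Jq9x/probe.txt HTTP/1.1" 201 0
203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "GET /dav/tmp_k3Jq9x/probe.php HTTP/1.1" 200 12
203.0.113.7 - - [10/Mar/2024:10:00:04 +0000] "DELETE /dav/tmp_k3Jq9x/probe.php HTTP/1.1" 204 0
198.51.100.20 - - [10/Mar/2024:10:05:00 +0000] "PUT /dav/docs/report.docx HTTP/1.1" 201 0
198.51.100.20 - - [10/Mar/2024:10:06:00 +0000] "GET /index.html HTTP/1.1" 200 512
198.51.100.9 - - [10/Mar/2024:10:07:00 +0000] "PUT /dav/x.jsp HTTP/1.1" 403 0
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3})')
# Assumed list of server-side script extensions; adjust to what the server can execute.
SCRIPT_EXT = (".php", ".asp", ".aspx", ".jsp", ".cgi", ".pl", ".cfm", ".shtml")


def find_script_uploads(log_text):
    """Return one finding per script file a client successfully PUT, with follow-up stages."""
    made_dir = set()            # clients that successfully created a collection (MKCOL)
    stages = defaultdict(list)  # (client, path) -> ordered stages seen for that file
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        client, method, path, status = m.groups()
        if not status.startswith("2"):
            continue  # only requests the server accepted matter here
        key = (client, path)
        if method == "MKCOL":
            made_dir.add(client)
        elif method == "PUT" and path.lower().endswith(SCRIPT_EXT):
            stages[key] = ["uploaded"]
        elif key in stages and method in ("GET", "DELETE"):
            stages[key].append("fetched" if method == "GET" else "deleted")
    return [
        {"client": c, "path": p, "stages": s, "created_dir": c in made_dir}
        for (c, p), s in stages.items()
    ]


if __name__ == "__main__":
    for finding in find_script_uploads(SAMPLE_LOG):
        print(finding)
```

A finding whose stages include an accepted upload of a script file means the server allows writes of executable content over WebDAV, regardless of whether the file was cleaned up afterwards.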
If the tool is not installed on your Kali Linux machine, you can download it via
git clone https://github.com/cldrn/davtest.git
The command that can be used is davtest -url <url address> which