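DAVTest Package Description

DAVTest tests WebDAV-enabled servers by uploading test executable files and then (optionally) uploading files that allow command execution or other actions directly on the target. It is meant for penetration testers to determine quickly and easily whether enabled DAV services are exploitable.

DAVTest supports:

  • Automatically sending exploit files
  • Automatic randomization of the directory to help hide files
  • Sending text files and trying to MOVE them to an executable name
  • Basic and Digest authorization
  • Automatic clean-up of uploaded files
  • Sending an arbitrary file

Source: https://code.google.com/p/davtest/
DAVTest Homepage | Kali DAVTest Repo

  • Author: Sunera, LLC.
  • License: GPLv3

Tools included in the davtest package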

davtest – Testing tool for WebDAV servers
root@kali:~# davtest

ERROR: Missing -url

/usr/bin/davtest -url <url> [options]

 -auth+     Authorization (user:password)
 -cleanup   delete everything uploaded when done
 -directory+    postfix portion of directory to create
 -debug+    DAV debug level 1-3 (2 & 3 log req/resp to /tmp/perldav_debug.txt)
 -move      PUT text files then MOVE to executable
 -nocreate  don't create a directory
 -quiet     only print out summary
 -rand+     use this instead of a random string for filenames
 -sendbd+   send backdoors:
            auto - for any succeeded test
            ext - extension matching file name(s) in backdoors/ dir
 -uploadfile+   upload this file (requires -uploadloc)
 -uploadloc+    upload file to this location/name (requires -uploadfile)
 -url+      url of DAV location

Example: /usr/bin/davtest -url http://localhost/davdir

davtest Usage Example

Scan the given WebDAV server (-url http://192.168.1.209):

root@kali:~# davtest -url http://192.168.1.209
********************************************************
 Testing DAV connection
OPEN        SUCCEED:        http://192.168.1.209
********************************************************
NOTE    Random string for this session: B0yG9nhdFS8gox
********************************************************
 Creating directory
MKCOL       SUCCEED:        Created http://192.168.1.209/DavTestDir_B0yG9nhdFS8gox
********************************************************
 Sending test files
PUT asp FAIL
PUT cgi FAIL
PUT txt SUCCEED:    http://192.168.1.209/DavTestDir_B0yG9nhdFS8gox/davtest_B0yG9nhdFS8gox.txt
PUT pl  SUCCEED:    http://192.168.1.209/DavTestDir_B0yG9nhdFS8gox/davtest_B0yG9nhdFS8gox.pl
PUT jsp SUCCEED:    http://192.168.1.209/DavTestDir_B0yG9nhdFS8gox/davtest_B0yG9nhdFS8gox.jsp
PUT cfm SUCCEED:    http://192.168.1.209/DavTestDir_B0yG9nhdFS8gox/davtest_B0yG9nhdFS8gox.cfm
PUT aspx    FAIL
PUT jhtml   SUCCEED:    http://192.168.1.209/DavTestDir_B0yG9nhdFS8gox/davtest_B0yG9nhdFS8gox.jhtml
PUT php SUCCEED:    http://192.168.1.209/DavTestDir_B0yG9nhdFS8gox/davtest_B0yG9nhdFS8gox.php
PUT html    SUCCEED:    http://192.168.1.209/DavTestDir_B0yG9nhdFS8gox/davtest_B0yG9nhdFS8gox.html
PUT shtml   FAIL
********************************************************
 Checking for test file execution
EXEC    txt SUCCEED:    http://192.168.1.209/DavTestDir_B0yG9nhdFS8gox/davtest_B0yG9nhdFS8gox.txt
EXEC    pl  FAIL
EXEC    jsp FAIL
EXEC    cfm FAIL
EXEC    jhtml   FAIL
EXEC    php FAIL
EXEC    html    SUCCEED:    http://192.168.1.209/DavTestDir_B0yG9nhdFS8gox/davtest_B0yG9nhdFS8gox.html

********************************************************
/usr/bin/davtest Summary:
Created: http://192.168.1.209/DavTestDir_B0yG9nhdFS8gox
PUT File: http://192.168.1.209/DavTestDir_B0yG9nhdFS8gox/davtest_B0yG9nhdFS8gox.txt
PUT File: http://192.168.1.209/DavTestDir_B0yG9nhdFS8gox/davtest_B0yG9nhdFS8gox.pl
PUT File: http://192.168.1.209/DavTestDir_B0yG9nhdFS8gox/davtest_B0yG9nhdFS8gox.jsp
PUT File: http://192.168.1.209/DavTestDir_B0yG9nhdFS8gox/davtest_B0yG9nhdFS8gox.cfm
PUT File: http://192.168.1.209/DavTestDir_B0yG9nhdFS8gox/davtest_B0yG9nhdFS8gox.jhtml
PUT File: http://192.168.1.209/DavTestDir_B0yG9nhdFS8gox/davtest_B0yG9nhdFS8gox.php
PUT File: http://192.168.1.209/DavTestDir_B0yG9nhdFS8gox/davtest_B0yG9nhdFS8gox.html
Executes: http://192.168.1.209/DavTestDir_B0yG9nhdFS8gox/davtest_B0yG9nhdFS8gox.txt
Executes: http://192.168.1.209/DavTestDir_B0yG9nhdFS8gox/davtest_B0yG9nhdFS8gox.html
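
Seen from the server side, a run like the one above leaves a recognizable trail in the access log: an MKCOL for a DavTestDir_ directory followed by PUT requests for davtest_ files across many script extensions. The following Python script is an added example, not part of the original page or of the davtest project; the log lines are constructed, and the Common Log Format layout and the threshold of three distinct extensions are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (Common Log Format); not from a real server.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "PROPFIND / HTTP/1.1" 207 512
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "MKCOL /DavTestDir_Ab12Cd34/ HTTP/1.1" 201 0
192.0.2.10 - - [01/Jan/2024:10:00:02 +0000] "PUT /DavTestDir_Ab12Cd34/davtest_Ab12Cd34.asp HTTP/1.1" 403 0
192.0.2.10 - - [01/Jan/2024:10:00:02 +0000] "PUT /DavTestDir_Ab12Cd34/davtest_Ab12Cd34.php HTTP/1.1" 201 0
192.0.2.10 - - [01/Jan/2024:10:00:03 +0000] "PUT /DavTestDir_Ab12Cd34/davtest_Ab12Cd34.jsp HTTP/1.1" 201 0
192.0.2.10 - - [01/Jan/2024:10:00:04 +0000] "GET /DavTestDir_Ab12Cd34/davtest_Ab12Cd34.php HTTP/1.1" 200 40
198.51.100.7 - - [01/Jan/2024:10:05:00 +0000] "PUT /docs/report.txt HTTP/1.1" 201 0
198.51.100.7 - - [01/Jan/2024:10:05:09 +0000] "GET /index.html HTTP/1.1" 200 1024
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})\b')
# Default directory/file names as they appear in the davtest output above.
DAVTEST_NAME = re.compile(r"/DavTestDir_[^/]+|/davtest_[^/]+\.\w+$", re.I)
# Extensions from the sample run that are normally bound to server-side handlers.
SCRIPT_EXT = {"asp", "aspx", "cgi", "pl", "jsp", "cfm", "jhtml", "php", "shtml"}

def analyze(log_text, burst_threshold=3):
    """Return {client_ip: evidence} for clients whose writes look like DAV probing."""
    per_ip = defaultdict(lambda: {"mkcol": 0, "named": 0, "exts": set(), "stored": []})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or m.group(2).upper() not in ("MKCOL", "PUT", "MOVE"):
            continue
        ip, method, path, status = m.group(1), m.group(2).upper(), m.group(3), int(m.group(4))
        rec = per_ip[ip]
        rec["mkcol"] += method == "MKCOL"
        rec["named"] += bool(DAVTEST_NAME.search(path))
        ext = path.rsplit("/", 1)[-1].rpartition(".")[2].lower()
        if method == "PUT" and ext in SCRIPT_EXT:
            rec["exts"].add(ext)
            if 200 <= status < 300:      # the server accepted and stored the file
                rec["stored"].append(path)
    # Flag on the default names, or on a burst of distinct script extensions,
    # which still fires when the names are not the defaults.
    return {ip: r for ip, r in per_ip.items()
            if r["named"] or len(r["exts"]) >= burst_threshold}

if __name__ == "__main__":
    for ip, r in analyze(SAMPLE_LOG).items():
        print(ip, "MKCOL:", r["mkcol"], "tried:", sorted(r["exts"]), "stored:", r["stored"])
```

The "stored" list is the part to act on first: every path in it is a script-type file the server accepted, which means write access to that DAV location needs to be restricted and the files removed.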