Tutorial on Webdav Hacking & Defacing

Not to more Explain. Just Straight follow the tutorials:

Start Hacking:

Open up the 'Map Network Drive'
- Windows XP : Right click on My Computer
- Windows 7 : Click the start bar

Now it will show a new little window.

Click on 'Sign up for online storage of conect to a network server.

A new window will show up , click next.

Again click next.

Now here type in the server's IP or domain that has WebDav enabled.
Ensure to put http:// and the webdav's directory. Otherwise it may not work. Then click next.

 

Now you'll get a login prompt. Login with these credentials :

User name : wampp
Password : xampp

And click OK.

At the next window you can choose whatever you want. But i prefer leaving it's default name. It's not important. Then click Next again.

Here is the last window , be sure to tick the checkbox 'Open this network place when I click Finish.'
And click Finish !

Now you'll get again the prompt , just login with the same credentials I mentioned before.

Wow!!!!!we have access on uploading files now. Just grab and drag with the cursor there an ASPX\ PHP shell (if it's accepts), a index html file or simply a text file.
Then go to your browser and navigate to http://yourslave/webdav/shell.php (replace shell.php with your shell's name). And you'll get access to its server.

NOTE : This isn't gonna work with all webdav sites. Hope you understood the vulnerability , (by using the default login credentials when installing webdav).

It is collected by I test it. This vulnerability does really works. But Not all dev sites.

I think it's a noob hacking operation.

Asked to Join JRH Idea Hacker