# Course #42: Introduction to cadaver$
## Installation and Configuration on Kali Linux
Cadaver is a command-line client for WebDAV, an extension of HTTP that allows users to collaboratively edit and manage files on remote web servers. It is particularly useful in penetration testing for exploiting weaknesses in WebDAV implementations. In this section, we will guide you through the process of installing and configuring cadaver on Kali Linux.
### Installing cadaver
1. **Update Your System**: It’s always a good practice to ensure your system is up-to-date before installing new software. Open your terminal and run the following command:
sudo apt update && sudo apt upgrade -y
2. **Install cadaver**: You can install cadaver directly from the Kali repositories. Use the following command:
sudo apt install cadaver -y
3. **Verify Installation**: Once installed, you can verify that cadaver is installed correctly by checking its version:
cadaver –version
You should see the version of cadaver printed in the terminal, indicating a successful installation.
### Configuration
Cadaver requires minimal configuration to start using it effectively. However, you may want to create a configuration file to set up default options and preferences.
1. **Create a configuration file**: You can create a `.cadaverrc` file in your home directory. This file can specify your default WebDAV server URL, username, and password.
nano ~/.cadaverrc
2. **Add default server settings**: Inside the `.cadaverrc` file, you can add:
[/dm_code_snippet]
# Default settings for cadaver
# Use your actual WebDAV server details
server http://example.com/webdav
username your_username
password your_password
[/dm_code_snippet]
3. **Save and exit**: Save the changes (CTRL + O, then ENTER) and exit (CTRL + X).
## Step-by-Step Usage
Now that cadaver is installed and configured, let’s walk through its usage with practical examples and real-world use cases.
### Basic Commands
Cadaver is initiated from the command line by specifying a WebDAV server URL. Here’s how to start cadaver:
"`bash
cadaver http://your_webdav_server_url
"`
#### Common Commands in cadaver
Once you are in the cadaver shell, you can use the following commands to interact with the WebDAV server:
– **ls**: List files and directories.
– **cd**: Change the directory.
– **get**: Download a file from the server.
– **put**: Upload a file to the server.
– **delete**: Remove a file from the server.
– **mkdir**: Create a new directory on the server.
### Example Workflow
#### Step 1: Connect to a WebDAV Server
Assuming you have a WebDAV server set up at `http://example.com/webdav`, connect using:
"`bash
cadaver http://example.com/webdav
"`
You will be prompted for credentials if the server requires authentication.
#### Step 2: View the Directory Contents
Once connected, list the contents to see what files are present:
"`bash
ls
"`
#### Step 3: Navigate Directories
To navigate into a specific directory, use:
"`bash
cd directory_name
"`
#### Step 4: Download a File
To download a file named `sample.txt`, use the get command:
"`bash
get sample.txt
"`
The file will be downloaded to your local directory.
#### Step 5: Upload a File
If you want to upload a file named `myupload.txt`, use:
"`bash
put myupload.txt
"`
#### Step 6: Delete a File
If you need to delete a file, say `unwanted.txt`, use:
"`bash
delete unwanted.txt
"`
### Real-World Use Cases
#### Case Study: Penetration Testing WebDAV
Imagine you are hired to perform a penetration test on a company’s WebDAV server. Your objective is to find vulnerabilities that could allow unauthorized access or data manipulation.
1. **Enumerate Directories**: Use the `ls` command frequently to enumerate available directories.
2. **Brute-force Authentication**: If you suspect weak authentication, use a tool like **Hydra** to brute-force credentials while observing cadaver’s behavior.
3. **File Upload Vulnerability**: Check if you can upload executable files. If you can upload a PHP file, you might gain a foothold on the server.
4. **Directory Traversal**: Test for directory traversal vulnerabilities by attempting to access `../../etc/passwd`.
### Technical Explanations
Cadaver communicates with the WebDAV server using standard HTTP methods like GET, PUT, DELETE, and PROPFIND. Understanding how these methods interact with the server can help you exploit weaknesses.
– **GET**: Retrieves a file from the server. In case of misconfiguration, sensitive files may be exposed.
– **PUT**: Uploads a file. If the server doesn't validate file types, this could allow malicious code uploads.
– **DELETE**: Can remove files. If improperly configured, attackers could delete critical files.
– **PROPFIND**: Retrieves metadata about resources. Misuse could expose sensitive directory structures.
### External References
To deepen your understanding of cadaver and WebDAV, consider reviewing the following resources:
– [WebDAV: The Next Generation of HTTP](https://en.wikipedia.org/wiki/WebDAV)
– [Cadaver Documentation](http://www.webdav.org/cadaver/)
– [OWASP WebDAV Security](https://owasp.org/www-project-web-security-testing-guide/latest/3-Testing-Guide/3.11.2-WebDAV-Testing)
### Code Examples for WordPress
When assessing WordPress installations utilizing WebDAV, you might test file uploading vulnerabilities. Here are code examples to upload a file using cadaver:
"`bash
# Navigate to the WordPress uploads directory
cd wp-content/uploads
# Upload a PHP shell (ensure you have permission to test this)
put malicious_shell.php
"`
Check if the uploaded file can be accessed:
"`bash
# Access the uploaded file via browser
curl http://example.com/wp-content/uploads/malicious_shell.php
"`
This can lead to remote code execution if the server misconfigurations permit it.
—
By now, you should have a foundational understanding of how to install, configure, and use cadaver for WebDAV exploitation in penetration testing scenarios. This tool is incredibly powerful when used ethically and responsibly as part of your security assessments.
**Next Steps**: Continue to explore the advanced features of cadaver and practice your skills in a controlled environment. Remember always to have permission before testing any systems.
—
Made by pablo rotem / פבלו רותם