Course #42: Introduction to cadaver$
# Course #42: Introduction to cadaver$
## Installation and Configuration on Kali Linux
**cadaver** is a command-line client for WebDAV (Web Distributed Authoring and Versioning) that enables users to interact with WebDAV servers. It is particularly useful for penetration testers as it allows for efficient exploitation of WebDAV vulnerabilities. This section will guide you through the installation and configuration of cadaver on Kali Linux, followed by detailed usage examples and real-world applications.
### Installation Steps
1. **Open Terminal**: Access your Kali Linux terminal. You can press `Ctrl + Alt + T` to open a new terminal window.
2. **Update Package List**: Ensure your package list is up to date. Type the following command and press Enter:
3. **Install cadaver**: Use the following command to install the cadaver tool:
4. **Verify Installation**: After installation, verify that cadaver is correctly installed by checking its version:
5. **Configuration**: Cadaver is generally ready to use right after installation. However, you may want to configure certain aspects like default credentials or specific server settings in a `.netrc` file for easier access:
Add the following lines, replacing `
`, ``, and `` with your actual WebDAV server details:
[/dm_code_snippet]
machine
login
password
[/dm_code_snippet]
### Step-by-Step Usage
Once cadaver is installed and configured, you're ready to start using it. Below, we’ll cover basic commands and several real-world usage scenarios.
#### Basic Commands
1. **Connecting to a WebDAV Server**: To connect to a WebDAV server, use the following command:
cadaver http://example.com/webdav/
Replace `http://example.com/webdav/` with your target WebDAV URL.
2. **Navigating Directories**:
– To list files and directories:
– To change directories:
3. **Uploading Files**:
Use the `put` command to upload files to the server.
Replace `local_file.txt` with the path to the file you want to upload.
4. **Downloading Files**:
To download files from the server, use the `get` command:
5. **Deleting Files**:
To delete a file on the server:
6. **Creating Directories**:
You can create a new directory with:
7. **Exiting cadaver**:
Type `quit` or `exit` to leave the cadaver interface.
#### Real-World Use Cases
1. **Exploring a Vulnerable WebDAV Server**:
Suppose you've found a WebDAV server that is known to have weak authentication. Use cadaver to access it:
cadaver http://vulnerable-server.com/webdav/
After logging in, use `ls` to enumerate the contents and look for sensitive files like configuration files.
2. **Uploading a Web Shell**:
If you discover that the server allows uploading files without adequate validation, you could upload a PHP web shell (e.g., `shell.php`) targeting a server misconfigured to execute PHP files:
After uploading, navigate to `http://vulnerable-server.com/webdav/shell.php` to access the web shell.
3. **Harvesting Sensitive Data**:
Use cadaver to find and download sensitive files:
get config.php
get secret.txt
4. **Command Injection**:
If the WebDAV server supports command execution through improperly configured endpoints, you can exploit it by uploading a malicious payload. For instance, upload a script that spawns a reverse shell.
### Detailed Technical Explanations
#### Understanding WebDAV
WebDAV is an extension of HTTP that allows users to collaboratively edit and manage files on remote web servers. It provides HTTP methods like `COPY`, `MOVE`, `LOCK`, `UNLOCK`, etc. The primary aim of WebDAV is to facilitate content authoring and management on the web.
**Common WebDAV Vulnerabilities**:
– **Weak Authentication**: Many servers use basic authentication which is easily exploitable.
– **File Upload Vulnerabilities**: Misconfigured servers may allow arbitrary file uploads.
– **Directory Traversal Attacks**: If path sanitization is poor, attackers can traverse directories and access sensitive files.
#### Code Examples in Markdown Code Blocks for WordPress
If you are utilizing cadaver to manage files related to WordPress, the following code snippets can assist in various scenarios.
1. **Uploading a Plugin**:
To upload a new plugin, use the `put` command:
cadaver http://yourwordpresssite.com/wp-content/plugins/
put my-plugin.zip
2. **Editing Theme Files**:
If you need to edit a theme file directly:
cadaver http://yourwordpresssite.com/wp-content/themes/my-theme/
get header.php
# Make your changes locally, then upload
put header.php
3. **Downloading Database Backup**:
If you can access backups stored in the web root:
cadaver http://yourwordpresssite.com/backups/
get backup.sql
### External Reference Links
– [Official cadaver Documentation](http://www.webdav.org/cadaver/)
– [OWASP WebDAV Security Cheat Sheet](https://owasp.org/www-community/OWASP_WebDAV_Security_Cheat_Sheet)
– [WebDAV Exploitation Techniques](https://www.acs.com.hk/en/products/1287/acr38-smart-card-reader/)
– [Understanding WebDAV Protocols](https://www.rfc-editor.org/rfc/rfc4918.txt)
In conclusion, cadaver is a powerful tool for web application penetration testing, particularly focusing on WebDAV services. Mastery of its commands and understanding the vulnerabilities associated with WebDAV can significantly enhance your penetration testing capabilities.
—
Made by pablo rotem / פבלו רותם
