[TUT] Automatic webdav scanning
#1
Alright, webdav exploiting is kinda old shizzle, but I thought I could still share this with y'all.
First of all, create a PHP file.
Insert this code into it.
PHP Code:
<?
php
$rand1 
rand(0300);
$rand2 rand(0300);
$rand3 rand(0300);
$rand4 rand(0300);

$ip = ($rand1 "." $rand2 "." $rand3"." $rand4);
$port "80";

$output = @fsockopen($ip$port$errno$errstr1);

if (!
$output) { echo 'Offline' '<meta http-equiv="refresh" content="0">'; } 
else {
$fileUrl "http://$ip/webdav/";
$AgetHeaders = @get_headers($fileUrl);
if (
preg_match("|200|"$AgetHeaders[0])) {
echo 
'Success: http://' $ip "/webdav/";
$invoegen $ip "/webdav/" "\n";
$fopen fopen("logg.txt""a");
fwrite($fopen$invoegen);
fclose($fopen);
echo 
'<meta http-equiv="refresh" content="0">';
} else {
echo 
'Failed: http://' $ip "/webdav/";
echo 
'<meta http-equiv="refresh" content="0">';
}
}
@
fclose($output); 

echo 
'<br>';

$rand5 rand(0100);
$rand6 rand(0100);
$rand7 rand(0100);
$rand8 rand(0100);

$ip2 = ($rand5 "." $rand6 "." $rand7"." $rand8);

$output = @fsockopen($ip2$port$errno$errstr1);

if (!
$output) { echo 'Offline' '<meta http-equiv="refresh" content="0">'; } 
else {
$fileUrl "http://$ip2/webdav/";
$AgetHeaders = @get_headers($fileUrl);
if (
preg_match("|200|"$AgetHeaders[0])) {
echo 
'Success: http://' $ip2 "/webdav/";
$invoegen $ip2 "/webdav/" "\n";
$fopen fopen("logg.txt""a");
fwrite($fopen$invoegen);
fclose($fopen);
echo 
'<meta http-equiv="refresh" content="0">';
} else {
echo 
'Failed: http://' $ip2 "/webdav/";
echo 
'<meta http-equiv="refresh" content="0">';
}
}
@
fclose($output); 
?>
Save it, and upload it to your VPS/webhosting.
Don't forget to chmod it to 777.
Then just open http://*domain/IP*/*name*.php and leave it open.
It saves the IPs to the folder you uploaded the PHP script to.
After that, you can exploit the webdav's for DoS Shells, hacking shells, and deface/root them or whatever you want Smile
Note: The code is not mine, I don't remember where I got it from, but all credits go to the original creator of it.
Reply
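Added example, not part of the original thread: the script in post #1 records a host only when a GET for `/webdav/` returns a status line containing 200, so a server's own access log shows both the probe and whether the host would have been recorded. The sketch below assumes Apache/nginx Combined Log Format; the function name, field names and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Combined Log Format: ip ident user [time] "METHOD path PROTO" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: "(?P<ref>[^"]*)" "(?P<ua>[^"]*)")?'
)
# The posted script requests exactly /webdav/; also catch case variants and subpaths.
WEBDAV_RE = re.compile(r'^/webdav(?:/|$)', re.IGNORECASE)

def find_webdav_probes(lines):
    """Return {client_ip: {"hits": n, "exposed": bool, "no_ua": bool}}."""
    probes = defaultdict(lambda: {"hits": 0, "exposed": False, "no_ua": False})
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not WEBDAV_RE.match(m["path"]):
            continue
        entry = probes[m["ip"]]
        entry["hits"] += 1
        # A 200 here is what the posted script treats as "Success",
        # i.e. this host would end up in the scanner's log file.
        if m["status"] == "200":
            entry["exposed"] = True
        # Heuristic only: a missing User-Agent is typical of scripted clients.
        if m["ua"] in (None, "", "-"):
            entry["no_ua"] = True
    return dict(probes)

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [16/Mar/2014:17:05:01 +0000] "GET /webdav/ HTTP/1.0" 200 512 "-" "-"',
    '198.51.100.23 - - [16/Mar/2014:17:06:12 +0000] "GET /webdav/ HTTP/1.0" 404 209 "-" "-"',
    '198.51.100.23 - - [16/Mar/2014:17:06:13 +0000] "GET /WebDAV/ HTTP/1.1" 403 199 "-" "curl/7.35.0"',
    '192.0.2.10 - - [16/Mar/2014:17:07:00 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [16/Mar/2014:17:07:02 +0000] "GET /webdavinfo.html HTTP/1.1" 200 88 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, info in find_webdav_probes(SAMPLE_LOG).items():
        state = "EXPOSED (200 on /webdav/)" if info["exposed"] else "probed, not exposed"
        print(f"{ip}: {info['hits']} request(s), {state}, no_ua={info['no_ua']}")
```

Any client flagged as `exposed` means the `/webdav/` path answered 200 without authentication; requiring authentication on that path or disabling the WebDAV module if unused makes the same request return 401, 403 or 404.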
#2
Nice man, I'll try this.
Thanks for sharing this with us.
Reply
#3
Yep. Another H.Q share. Thanks man!
Reply
#4
I just tried this on my host,

and it didn't work:

Code: Offline
Offline
Reply
#5
Yea it scans them like that, you gotta leave a tab open on your browser
Reply
#6
One question, does it scan on the server where the VPS is hosted, or does it scan all the servers on the internet?
Reply
#7
(03-16-2014, 05:11 PM)Tumppi⁴²⁰ Wrote: Yea it scans them like that, you gotta leave a tab open on your browser

I did, but it never makes the file
with the IPs in them.

Also, I don't think it should say code offline.

(03-16-2014, 05:32 PM)Snow.Eskimo Wrote: One question, does it scan on the server where the VPS is hosted, or does it scan all the servers on the internet?

Good question, I'm wondering about this as well.
So far I can say it doesn't work. :tounge:
Reply
#8
(03-16-2014, 05:32 PM)Snow.Eskimo Wrote: One question, does it scan on the server where the VPS is hosted, or does it scan all the servers on the internet?
It scans random IPs around the internet, and when it spots a webdav, it creates the file automatically and logs the webdav IP there
Reply
#9
(03-16-2014, 05:45 PM)Tumppi⁴²⁰ Wrote:
(03-16-2014, 05:32 PM)Snow.Eskimo Wrote: One question, does it scan on the server where the VPS is hosted, or does it scan all the servers on the internet?
It scans random IPs around the internet, and when it spots a webdav, it creates the file automatically and logs the webdav IP there

Thanks for the fast response, I may think of using it for some fun haha :hehe!:
Reply
#10
(03-16-2014, 05:54 PM)Snow.Eskimo Wrote:
(03-16-2014, 05:45 PM)Tumppi⁴²⁰ Wrote:
(03-16-2014, 05:32 PM)Snow.Eskimo Wrote: One question, does it scan on the server where the VPS is hosted, or does it scan all the servers on the internet?
It scans random IPs around the internet, and when it spots a webdav, it creates the file automatically and logs the webdav IP there

Thanks for the fast response, I may think of using it for some fun haha :hehe!:

IT'S NOT WORKING....
So how can you use it?
Reply