![]() We will demonstrate how to upload files with Nmap, Metasploit and Curl. In the next steps of this tutorial we will upload a Meterpreter PHP reverse shell script to the webserver and execute it. Now that we know we can upload files to this directory let’s have a look at a few different ways to do this. Nikto -host The last line of Nikto output indicates that the uploads directories allows uploading files using HTTP PUT. If the HTTP PUT method is enabled than Nikto will indicate this as following: We can also use the web vulnerability scanner Nikto to determine vulnerabilities in the webserver. Nmap –script http-methods –script-args http-methods.url-path=’/uploads’,http-methods.test-all -p 8585 172.28.128.3 Nmap HTTP-Methods script returns the allowed methods for the uploads directory.Īs we can see the webserver allows us to upload files to the uploads directory and even delete files. When we run the following command see that HTTP PUT is enabled for the uploads directory: But as this may not always work an easier way is to run the Nmap http-methods script on the uploads directory. Testing for allowed HTTP methods can be done with the OPTIONS HTTP method which provides a list of allowed methods. ![]() We can use several methods to determine if we’re allowed to upload files to this directory with the HTTP PUT method. When we run dirb on the Apache webserver with the following command we find a directory named ‘uploads’:ĭirb Dirb found the uploads directory on Metasploitable 3 port 8585. A nice tool that brute forces directories on a webserver is dirb. The next step is to find out what directories are present on this webserver. Nmap service scan on Metasploitable 3 Discovering webserver directories with Dirb In this tutorial we will target the Apache server on port 8585. From the Nmap port scan we found out that Metasploitable is running Microsoft IIS on port 80 and Apache httpd 2.2.21 on port 8585. First we will learn how we can determine which HTTP methods are allowed and find out if HTTP PUT is one of them.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |