Back to Writeups

TryHackMeEasy

TryHackMe - Dav

webdavcadaverphpdefault-credentialslinux

Enumeration

Nmap

BASH

                            PORT   STATE SERVICE
80/tcp open  http
                        

Got only one port open which is strange but ok lets see

Landing Page

Got a directory by fuzzing:

http://10.10.10.10/webdav

WebDAV Login

Its default credentials are wampp:xampp - got it from GitHub

WebDAV Access

Went directly to cadaver and put a PHP reverse shell

Cadaver Upload

Shell Upload Success

Got the shell and got everything

Root Shell

SOLVED IN 3 MINS

Key Takeaways

Default Credentials - Always check for default credentials on WebDAV
Cadaver - Great tool for uploading files to WebDAV
PHP Reverse Shell - Classic technique for getting initial access