The other day Chris Gates posted an excellent blog post about the WebDAV hotness that Chris Sullo (author of Nikto) cooked up (DAVTest) which Ryan Linn popped out a Metasploit module for.
Anyways, the story left off being a very limited user called “Network Service”. This user has Read and Execute, but no Write access, and a very limited field of view to boot.
meterpreter > getuid Server username: **NT AUTHORITYNETWORK SERVICE** Lets look around a bit.![]()
![]()
![]()
![]()
![]()
↧