3 writeups tagged with WebDAV
LFI via lang parameter captures NTLM hash with Responder. Password spray, IIS WebDAV shell upload, RunasCs for lateral movement to Domain Admin.
IIS 6.0 WebDAV buffer overflow (CVE-2017-7269) for initial access. Token kidnapping / churrasco escalates to SYSTEM.
WebDAV file upload with extension spoofing deploys an ASPX shell. Token impersonation via churrasco/juicy potato for SYSTEM.
