Multiple Ways to Exploiting PUT Method

Hi friends, today’s article covers exploiting the HTTP PUT method vulnerability through various techniques. First we will determine whether the HTTP PUT method is enabled on the target machine, after which we will use several different methods to upload a Meterpreter reverse shell to the target and compromise it.

Table of Contents

  • Introduction to HTTP PUT Method
  • Scanning HTTP PUT Method (Nikto)
  • Exploiting PUT Method Using Cadaver
  • Exploiting PUT Method Using Nmap
  • Exploiting PUT Method Using Poster
  • Exploiting PUT Method Using Metasploit
  • Exploiting PUT Method Using Burpsuite
  • Exploiting PUT Method Using Curl

Introduction to HTTP PUT Method

The PUT method was originally intended as one of the HTTP methods used for file management operations. If the HTTP PUT method is enabled on the web server, it can be used to upload a malicious resource, such as a web shell, to the target server and execute it.

As this method is used to change or delete files on the target server’s file system, it often gives rise to various file upload vulnerabilities, leading the way for critical and dangerous attacks. As a best practice, if the organization absolutely MUST have these methods enabled, file access permissions on its critical servers should be strictly limited, with access restricted to authorized users.
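On the defensive side, the pattern described above (a successful PUT of a server-executable file, followed by a request for that same file) is visible in web server access logs. The following detection sketch is an added example, not part of the original article; the common log format, the extension list and the sample log lines are assumptions constructed for illustration.

```python
import re

# Common/combined log format: host ident user [time] "METHOD path PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Assumed list of extensions the server may execute; match it to the real handlers.
EXECUTABLE_EXT = (".php", ".phtml", ".jsp", ".jspx", ".asp", ".aspx", ".cgi")
PUT_SUCCESS = {"200", "201", "204"}

def find_put_then_fetch(lines):
    """Return one finding per successful PUT, noting later requests for that path."""
    uploads = {}   # path -> finding dict
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m["path"].split("?", 1)[0]
        if m["method"] == "PUT" and m["status"] in PUT_SUCCESS:
            finding = {"path": path, "uploader": m["ip"], "uploaded_at": m["ts"],
                       "executable": path.lower().endswith(EXECUTABLE_EXT),
                       "fetched_by": []}
            uploads[path] = finding
            findings.append(finding)
        elif (m["method"] in ("GET", "POST") and path in uploads
              and m["status"].startswith("2")):
            uploads[path]["fetched_by"].append(m["ip"])
    return findings

def high_risk(findings):
    """Uploads of server-executable files that were subsequently requested."""
    return [f for f in findings if f["executable"] and f["fetched_by"]]

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Mar/2024:10:00:01 +0000] "OPTIONS /dav/ HTTP/1.1" 200 0',
    '198.51.100.7 - - [10/Mar/2024:10:00:05 +0000] "PUT /dav/notes.txt HTTP/1.1" 201 0',
    '198.51.100.7 - - [10/Mar/2024:10:00:09 +0000] "PUT /dav/upload.php HTTP/1.1" 201 0',
    '198.51.100.7 - - [10/Mar/2024:10:00:12 +0000] "GET /dav/upload.php HTTP/1.1" 200 312',
    '203.0.113.20 - - [10/Mar/2024:10:01:00 +0000] "PUT /dav/blocked.php HTTP/1.1" 405 223',
    '203.0.113.20 - - [10/Mar/2024:10:01:30 +0000] "GET /index.html HTTP/1.1" 200 1045',
]

if __name__ == "__main__":
    for f in high_risk(find_put_then_fetch(SAMPLE_LOG)):
        print(f"ALERT {f['path']} uploaded by {f['uploader']} at {f['uploaded_at']}, "
              f"then requested by {sorted(set(f['fetched_by']))}")
```

A rejected PUT (the 405 line) produces no finding, which is what the log looks like once the method is disabled or restricted to authorized users.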

Note: In this tutorial we are using a vulnerable target machine for pentesting purposes and to illustrate the use of various tools. This is purely meant for educational purposes in a testing environment and should not be used in a production environment without authorized permission from the relevant authorities/management.

Full Article Read Here
