Simply take advantage of the put protocol in HTTP to get the shell

The first time you use the shell, there are no write permissions.

Station too spicy chicken, pure practiced hand, will not hit the code.

The HTTP request method used in this combat:

Options,put,move/coppy

* Pre-war preparations

0x01 What is the options method?

This method is used to request a feature option that can be used by the resource identified by the URL in the request/response communication process. In this way, the client can decide what action to take on the resource, or understand the performance of the server, before taking a specific resource request.

0x02 what is a put method?

The Put method is one of the HTTP request methods. This method is used to request that the server store the entity in the request under the request resource, and if the requested resource already exists on the server, the data in this request will be replaced with the original data as the latest modified version of the specified resource. If the requested resource does not exist, the resource is created and the data bit requests the body.

0x03 What is the Move/copy method?

This is because WebDAV (WebDAV is a communication protocol based on the http/1.1 Protocol) extends the HTTP protocol, adding some new methods outside of several HTTP standard methods, such as Get,post,head, to make the HTTP protocol more powerful.

Copy and move, that is, copying and moving, these two also play a role in renaming.

* Start the actual battle

1. Use the Options method to view server information.

We can see

Server container is IIS6.0

Web script is ASP

The permitted methods are options,trace,get,put,move,copy and other methods.

2. Try writing an ASP with the Put method.

(however, the CER format has also been tried, but the discovery cannot be written.) )

But found the. html Suffix to write!

Despair, server container is IIS6.0 capable? The answer is to use an analytic loophole!

(Curl doesn't use the copy and move commands, and it's been a long time since you've found the right tool to use the Copy method, just open the virtual machine with Windows software)

3.put+copy/move the shell for file modification

By the way, why not use Windows tools to write in a put method at first? Because of the tool under Windows, writing the put directly will result in an error, so you must first have a file, then put it again, and then copy/move the name.

The second time the file is written to the shell, the method is put.

Then rename the file with Copy/move, which is renamed only by copy.

Access the shell.

OK to win successfully.

Simply take advantage of the put protocol in HTTP to get the shell