ID03 | WebClient
The WebClient service enables Windows-based programs to create, access and modify Internet-based files. It allows a client to connect to a WebDAV server, but it also makes the host vulnerable to HTTP-based coercion using NTLM authentication.
References:
The Hacker Recipes (WebClient abuse - WebDav)
gladiatx0r Gist (From RPC to RCE)
Table of available actions, states, and targets
| Vulnerability ID | Trigger available | Default state | Default target |
|---|---|---|---|
| 03 (WebClient) | No | Absent | srv02 |
Launch
Enable
# Current directory: ansible
ansible-playbook -i inventory.yml playbooks/vulnerabilities/03.yml --extra-vars "action=enable"
Disable
# Current directory: ansible
ansible-playbook -i inventory.yml playbooks/vulnerabilities/03.yml --extra-vars "action=disable"
Implementation
Enable
Unlike workstations such as Windows 10, Windows Servers do not have
the WebClient service by default.
To make it available, the WebDAV-Redirector feature is installed,
which then enables the WebClient service.
Reference:
Disable
The WebClient service is stopped and the WebDAV-Redirector feature
is uninstalled.
Reference:
Customization
You can choose a target other than the default one.
host_name = dc01 | srv01 | srv02
action = enable | disable
Example with srv01:
# Current directory: ansible
ansible-playbook -i inventory.yml playbooks/vulnerabilities/03.yml --extra-vars "action=enable host_name=srv01"
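To confirm the state that the enable and disable actions described under Implementation leave on each host, the following audit script can be used. It is an added example, not part of the project's playbooks, and it assumes that the lab host names from this page resolve, that PowerShell remoting is enabled on them, and that the account running it may query them.

```powershell
# Added example: report WebDAV-Redirector / WebClient state on the lab hosts.
# Assumptions: dc01, srv01 and srv02 (names taken from this page) are Windows
# Servers reachable over PowerShell remoting.
$LabHosts = 'dc01', 'srv01', 'srv02'

$results = @(Invoke-Command -ComputerName $LabHosts -ErrorAction SilentlyContinue -ScriptBlock {
    # Get-WindowsFeature ships with the ServerManager module on Windows Server.
    $feature = Get-WindowsFeature -Name 'WebDAV-Redirector'
    $service = Get-Service -Name 'WebClient' -ErrorAction SilentlyContinue

    # A stopped service still counts as present: a service that is installed
    # but not running can be started later, so only "Absent" matches the
    # default state listed in the table on this page.
    if (-not $service) {
        $state     = 'Absent'
        $startType = $null
    }
    elseif ($service.Status -eq 'Running') {
        $state     = 'Running'
        $startType = [string]$service.StartType
    }
    else {
        $state     = 'PresentStopped'
        $startType = [string]$service.StartType
    }

    [pscustomobject]@{
        FeatureInstalled = [bool]$feature.Installed
        ServiceState     = $state
        StartType        = $startType
    }
})

# Hosts that returned nothing were unreachable or refused the session.
$unreachable = $LabHosts | Where-Object { $_ -notin $results.PSComputerName }

$results |
    Sort-Object PSComputerName |
    Format-Table PSComputerName, FeatureInstalled, ServiceState, StartType -AutoSize

if ($unreachable) {
    Write-Warning ("No answer from: " + ($unreachable -join ', '))
}
```

After `action=disable`, the target should report `FeatureInstalled` as `False` and `ServiceState` as `Absent`; any other result on a host that was never a target indicates drift from the lab defaults.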