Elizabeth R Casale Posted August 7, 2019 Share Posted August 7, 2019 Hi everyone, I am dealing with a website on Microsoft-IIS/8.5 (OS: Windows Server 2012). I was sent a module that can be used to execute a payload on IIS servers that have world-writeable directories. The payload is uploaded as an ASP script via a WebDAV PUT request. I loaded it within the Metasploit console: So I set up 'RHOSTS' with the IP address of the server, and I don't know if there is something else that I must change. When I run the exploit only with the described change, I got an error message saying 'Upload failed on /metasploitblablabla.txt [303 See other]'. I suggest that this is normal because I have not used any payloads. I tried some of them, and the messages were the same. As you may see, I haven't got any experience with this framework, and any help would be appreciated. What am I doing wrong? Quote Link to comment Share on other sites More sharing options...
F0x3nB0x3n Posted August 15, 2019 Share Posted August 15, 2019 303 Other suggests the server is trying to redirect you. This may help to understand the error (may not either), 303 Other:https://evertpot.com/http/303-see-other Also, does it have host headers for the IP address? Or does it need an actual domain instead (e.g. example.com) to point it at the correct virtual directory? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.