04-WebDAV (80,443)

Sometimes the directory is called 'DAV'
Tools used to exploit:
Cadaver
Davtest

To perform a Brute Force attack on it using Hydra:

hydra -L <Users_list> -P <Passwords_list> <Target_Domain_or_IP> http-get <login_forum_location>
Exampe:
hydra -L /usr/share/wordlists/metasploit/common_users.txt -P /usr/share/wordlists/metasploit/common_passwords.txt 10.10.15.15 http-get /webdav/

Using msfconsole for an automatic shell
Manully Using msfvenom⚕️

To perform a Brute Force attack on it using Hydra:

After gaining access to the login page we can now upload malicious files to send commands to the machine.

Using msfconsole for an automatic shell

Manully Using msfvenom⚕️