Home

Awesome

WebDAVC2

LAST/CURRENT VERSION: 0.3

Author: Arno0x0x - @Arno0x0x

WebDavC2 is a PoC of using the WebDAV protocol with PROPFIND only requests to serve as a C2 communication channel between an agent, running on the target system, and a controller acting as the actuel C2 server.

The tool is distributed under the terms of the GPLv3 licence.

Background information

Check this blog post on how and why I came up with the idea of using WebDAV PROPFIND only requests as a C2 channel:

Wordpress:Using WebDAV features as a covert channel

Architecture

WebDavC2 is composed of:

Features

WebDavC2 main features:

<img src="https://dl.dropboxusercontent.com/s/swucv9ixr7baumb/webdav_03.png?dl=0" width="600">

Installation & Configuration

Installation is pretty straight forward:

To start the controller, simply type ./webDavC2.py.

Compiling your own agent

Although it is perfectly OK to use the provided agent.exe, you can very easily compile your own executables of the agent, from the source code provided. You don't need Visual Studio installed.

DISCLAIMER

This tool is intended to be used in a legal and legitimate way only:

Quoting Empire's authors: There is no way to build offensive tools useful to the legitimate infosec industry while simultaneously preventing malicious actors from abusing them.

TODO

This tool is just a PoC so don't expect production quality, plus it has some arbitrary limitations in terms of quantity of data that can be transfered from the agent back to the controller.

To be added:

To be fixed: