During a web-server assessment, you run "nmap -p 80,443 --script http-methods " against an Internet-facing Apache 2.4 host. The script reports that GET, HEAD, POST, OPTIONS, PUT, DELETE, and PATCH are allowed and that PUT requests are not restricted by a WebDAV ACL. What is the most effective next step to attempt remote compromise?
Send an HTTP TRACE request to harvest authentication cookies through cross-site tracing.
Issue repeated HTTP DELETE requests to critical resources to crash the site and trigger a system reboot.
Use the OPTIONS method to identify the Apache version string and search for a public exploit.
Upload a server-side script via an HTTP PUT request and browse to it to obtain a web shell.
Because the server accepts unauthenticated PUT requests, you can upload arbitrary files into the web root. Placing a server-side script (for example, a PHP or JSP web shell) and then requesting it through the browser gives you immediate command execution under the web-server account. TRACE-based XST can steal cookies but does not usually yield direct code execution, DELETE is unlikely to crash a modern server, and OPTIONS only supplies information: you already know the version from your scan and would still need a separate vulnerability. Therefore, exploiting unrestricted PUT is the fastest path to a foothold.
Certified Ethical Hacker (CEH)
Web Application Hacking