A **HTTP Server with WebDav** active is a server where you probably can **update, delete, move, copy** files. **Sometimes** you **need** to have **valid credentials** (usually check with HTTP Basic Authentication).
Usually, to **connect** a WebDav server you will need valid **credentials**: [**WebDav bruteforce**](../../brute-force.md#http-basic-auth) _(Basic Auth)_.
Other common configuration is to **forbid uploading** files with **extensions** that will be **executed** by the web server, you should check how to **bypass this:**
This vulnerability is very interesting. The **WebDav** does **not allow** to **upload** or **rename** files with the extension **.asp**. But you can **bypass** this **adding** at the end of the name **";.txt"** and the file will be **executed** as if it were a .asp file (you could also **use ".html" instead of ".txt"** but **DON'T forget the ";"**).
Then you can **upload** your shell as a ".**txt" file** and **copy/move it to a ".asp;.txt"** file. An accessing that file through the web server, it will be **executed** (cadaver will said that the move action didn't work, but it did).
Inside this type of files you will find the **username** and a **hash** of the password. These are the credentials the webdav server is using to authenticate users.