lab writeup

TL8_WU_en

ePAPER READ

DOWNLOAD ePAPER

pentestit.ru

Create successful ePaper yourself

Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.

START NOW

Upload forms are prone to many kinds of developer errors, among

which one of the most popular is lack of file type verification. This lets

an attacker to upload a PHP file (or any other file depending on the

site’s underlying technology) and gain “shell” on the server. The uploaded

file would listen to various commands given by the attacker (like,

list the files on the server, connect to a database, or execute a reverse

shell back to the attacker for an interactive connection). So, file upload

vulnerabilities are extremely dangerous as they expose internal server

information, its database, passwords, connection strings and other data,

and may be used by an attacker to attack other hosts on the same network.

While it is perfectly fine to upload a simple shell that only executes a

command given by via GET parameter, I found a b374k shell that seems

to have quite a number of handy features. Grab your own shell file or get

a copy of b374k here: https://github.com/b374k/b374k.

Let’s try to upload a PHP file instead of the picture and see what happens:

Page

18 of 22

Recommendations
Info

Upload forms are prone to many kinds of developer errors, among which one of the most popular is lack of file type verification. This lets an attacker to upload a PHP file (or any other file depending on the site’s underlying technology) and gain “shell” on the server. The uploaded file would listen to various commands given by the attacker (like, list the files on the server, connect to a database, or execute a reverse shell back to the attacker for an interactive connection). So, file upload vulnerabilities are extremely dangerous as they expose internal server information, its database, passwords, connection strings and other data, and may be used by an attacker to attack other hosts on the same network. While it is perfectly fine to upload a simple shell that only executes a command given by via GET parameter, I found a b374k shell that seems to have quite a number of handy features. Grab your own shell file or get a copy of b374k here: https://github.com/b374k/b374k. Let’s try to upload a PHP file instead of the picture and see what happens: Page 18 of 22

We do see an upload error: Let’s try to tamper with the request in Burp Suite. Enable Proxy interceptor, and try again: As you can see, the browser identifies our content-type as application/xphp. Let’s try to change this: Page 19 of 22

Page 1 and 2: STABLE & SECURE BANK lab writeup Pa
Page 3 and 4: For best results, I recommend setti
Page 5 and 6: Let’s go ahead and scan 192.168.1
Page 7 and 8: Examining the source code of the we
Page 9 and 10: Let’s install the dvcs-ripper fir
Page 11 and 12: Let’s log in to the website using
Page 13 and 14: While dirb goes on, “api” folde
Page 15 and 16: Let’s try to see if we can attack
Page 17: In the Payload Options we give it a
Page 21 and 22: Voila, the b374k shell shows up! Le

lab writeup

Create successful ePaper yourself

Delete template?

Save as template?