Premise

In this video walkthrough, we covered file upload vulnerabilities and some techniques to get around them. We used TryHackMe Advent of Cyber 2 Day 2 / 2020 Christmas Chaos.

Challenge Description

After your heroic deeds regaining control of the control centre yesterday, Elf McSkidy has decided to give you an important job to do.

“We know we’ve been hacked, so we need a way to protect ourselves! The dev team have set up a website for the elves to upload pictures of any suspicious people hanging around the factory, but we need to make sure it’s secure before we add it to the public network. Please perform a security audit on the new server and make sure it’s unhackable!”

You listen to the briefing and accept the task, pressing the deploy button to start the server as you do so.

McSkidy once again gives you a dossier of useful information to help you with your task, which you read as you wait for the server to boot

Get OSCP Certificate Notes

Challenge Questions

  • What string of text needs adding to the URL to get access to the upload page?
  • What type of file is accepted by the site?

Bypass the filter and upload a reverse shell.

  • In which directory are the uploaded files stored?
  • Activate your reverse shell and catch it in a netcat listener!
  • What is the flag in /var/www/flag.txt?

Room Link

Answers / Day 2

What string of text needs adding to the URL to get access to the upload page?

What type of file is accepted by the site?

Bypass the filter and upload a reverse shell.

In which directory are the uploaded files stored?

Activate your reverse shell and catch it in a netcat listener!

What is the flag in /var/www/flag.txt?

Video Walkthrough