TryHackMe! Upload Vulnerabilities - File Upload Vulnerabilities & Exploit - Complete walkthrough

Подписаться 9 тыс.

Просмотров 17 тыс.

50% 1

In this video I will take you through a longer and more complete walkthrough of Upload Vulnerabilities & Exploit the room on TryHackMe. Insecure file upload vulnerabilities is a quite serious thing so please watch it all and learn how penetration test for Upload Vulnerabilities & Exploit.
Patreon: patreon.com/user?u=75719467
Affiliate links:
Get a good deal with NordVPN:
go.nordvpn.net/aff_c?offer_id...
Get a good deal with VidIQ:
vidiq.com/securityinmind
Donate:
paypal.me/hepit
TryHackMe! Upload Vulnerabilities - File Upload Vulnerabilities & Exploit - Complete walkthrough
❤️ Follow me on Twitter - / securitynmind
❤️ Website - security-in-mind.com/
❤️ RU-vid - / @secbydaniel
DONT CLICK THIS: bit.ly/3CpDavu
Like my videos? Would you consider to donate to me I created a possible way for you to do that.
Donation link: streamlabs.com/securityinmind...

Наука

Опубликовано:

8 ноя 2022

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 34

@azerty2385 2 месяца назад

Je viens de découvrir votre chaîne. Merci beaucoup pour votre contenu très claire, efficace et concis.

@invader703 Год назад

Hey bro just want to say I always go to your page when I get stuck on something for a while, you're helping me out a lot. Thanks man!

@GameSki36 9 месяцев назад

Thank you for all everything that you explained and did in this video. At first (OWASP Juice Shop) and (Upload Vulnerabilities) sites would not work till I re-configured my settings. Thank you again!

@omn5142 5 месяцев назад

Thank you so much for this, not going to lie the last challenge was kinda kickin my ass

@Rockadocious Год назад

Thanks so much for this video. This has been helpful. Great job!

@ver4576 10 месяцев назад

Im confused on 1:00:50 why did you have to change the filetype of the shell to .jpg if you removed the file-type restrictions? couldnt you just upload the .php shell file directly?

@polycapmuniu8494 2 месяца назад

Yo, just watched your video on File Inclusion vulnerabilities and it's got me hyped for the day ahead! 🙌🔥 Your explanations were on point and made understanding these concepts so much easier. Thanks for breaking it down in such a clear and concise way! Can't wait to dive into more of your content and level up my web hacking skills. Keep dropping those knowledge bombs, fam! 💣💻 #TryHackMe #WebHacking #KnowledgeIsPower

@secbydaniel 2 месяца назад

Thank you :)

@user-ey7fi9kz3p Год назад

Thank you! I like the idea of disabling JavaScript on the client side, this way you know for sure if the application completely rely on the front-end to validate file uploads or not. And for the script.js file at 39:35 it seems that it was obfuscated. There are some good JavaScript deobfuscators online out there if you encounter such files

@iCyberVenom Год назад

Thank you for all your content! I've watched A LOT of your videos and learned A LOT from you. Friend to friend...you would solve most of these questions/challenges 10x faster if you just slowed down. You're very fast to a fault sometimes. :)

@secbydaniel Год назад

Hey man :) Thanks for your comment. Happy that you learned something :)

@jakeed09090 8 месяцев назад

Lost it at your reaction to being rick roll'd. Thanks a lot for this.

@secbydaniel 8 месяцев назад

haha ... i do remember that.. it was kinda funny :)

@taothetaoist-6166 Год назад

i was just able to do this room............

@bipulsingh5216 Год назад

thank you sir

@demonkiller4644 Год назад

Haven't watched the video yet but thanks for uploading it! My question is, is there anyway to bypass a system that explicitly converts every uploaded file to a specific format (like JPG). I successfully sent the file to the server. The only problem is that the server converts it to JPG - nullifying the chance of remote execution. I know it's not that easy to bypass. But any tips here will surely help. Thanks

@xCheddarB0b42x 8 месяцев назад

I must be having a Monday on Tuesday, over an hour on Task 7, and the submit fails every time.

@xCheddarB0b42x 8 месяцев назад

haha nvm I got it ;p

@EgyptianJoker 6 месяцев назад

why burp suite does not intercept js file ?

@demonkiller4644 Год назад

One more question. Does a reverse shell automatically execute after successfully uploaded? If yes then why?

@secbydaniel Год назад

I have seen on earlier versions of PHP that code inside the file was executed while uploaded. I believe that it was a programmers flaw that actually included the file thus executing it. I cant speak for all languages and software's, so the answer would have to be: I have so far not experience a classic file upload from a website where the reverse shell I uploaded did not have to be called by me.

@r00t0rd3r6 Год назад

I am stuck in this room maybe tomorrow I'll do it 😃

@secbydaniel Год назад

Do it

@Fullyraw1991 Год назад

I can't get through forwarding it never goes there when I forward it just stays blank on burp I can't access the assets/js/uploadjs

@secbydaniel Год назад

Sounds like that your browser is not sending its traffic through Burp. The best and most easy way to ensure that things are going well is to install FoxyProxy. Set it up and point all traffic to 127.0.0.1 and port 8080. Remember to pick that newly created option in FoxyProxy and remember to have intercept turned on in Burp.

@Epiclynamed Год назад

@@secbydaniel For anyone else that got stuck here following along, I found the answer in a separate video. Under the BurpSuite proxy options, when he says to remove the .jpg line, you also need to remove the "^js$" portion as well. This will allow BurpSuite to see the Java requests, and then you'll see the 'upload.js' portion you're needing. No shade thrown to Daniel, I have come to these videos so frequently during my THM time, I greatly appreciate all your hard work in putting these out 👍

@Chran0 Год назад

For me the problem was that i was receiving a 304 request. This status code indicates that the requested resource has not been modified since the last request, and the server is instructing the client (your browser) to use the locally cached version instead of retrieving it again. So my fix was to clear my browser cache.