Lab 11: Remote code execution via web shell upload

 This lab contains a vulnerable image upload function. It doesn't perform any validation on the files users upload before storing them on the server's filesystem.

I have to upload a basic PHP web shell and use it to exfiltrate the contents of the file /home/carlos/secret



The first step is to log in with the account I was provided



I found a PHP line to get the file contents



I put it into a PHP file and now I am going to upload this file to then be able to get the contents of the file





After I uploaded the file I then sent a GET request to the file path





This gave me the final flag

Comments

Popular posts from this blog

Vulnerability Management(Nessus)

Active Directory Home Lab

TightVNC and Colasoft Packet Builder Lab

Practitioner Lab 2: File path traversal, traversal sequences stripped non-recursively