Upload Vulnerabilities

|> Room link: https://tryhackme.com/room/uploadvulns

⚠️Tools used:
> Burp Suite
> gobuster
> Wappalyzer

Task 1 Getting Started

Let’s deploy the machine and give it a few minutes to boot: click the Start Machine button. Next, you have to configure your own PC.

Open the hosts file:

  • on linux /etc/hosts
  • on windows C:\Windows\System32\drivers\etc\hosts

Task 2 Introduction

The purpose of this room is to explore some of the vulnerabilities resulting from improper handling of file uploads. We will be looking at:

  • Overwriting existing files on a server
  • Uploading and Executing Shells on a server
  • Bypassing Client-Side filtering
  • Bypassing various kinds of Server-Side filtering
  • Fooling content type validation checks
