Upload Vulnerabilities
Contents
This is the write up for the room Upload Vulnerabilities on Tryhackme and it is part of the Web Fundamentals Path
Upload Vulnerabilities
Room link: https://tryhackme.com/room/uploadvulns
Tools used:
- Burpsuite
- gobuster
- Wappalyser
Task 1 Getting Started
Let’s deploy the machine to give it a few minutes to boot.
click on the Start Machine button.
now you have to configure your own pc.
open host file
- on linux /etc/hosts
- on windows C:\Windows\System32\drivers\etc\hosts
Task 2 Introduction
The purpose of this room to explore some of the vulnerabilities resulting from improper handling of file uploads. We will be looking at:
- Overwriting existing files on a server
- Uploading and Executing Shells on a server
- Bypassing Client-Side filtering
- Bypassing various kinds of Server-Side filtering
- Fooling content type validation checks
Task 3 General Methodology
Task 4 Overwriting Existing Files
Answer the questions below
-
What is the name of the image file which can be overwritten?
Ans:
mountains.jpg -
Overwrite the image. What is the flag you receive?
Ans:
THM{OTBiODQ3YmNjYWZhM2UyMmYzZDNiZjI5}