Upload Vulnerabilities - TryHackMe Write-up

Info
- Name: Upload Vulnerabilities
- Description: Tutorial room exploring some basic file-upload vulnerabilities in websites
- Difficulty: Easy
- Room link: https://tryhackme.com/room/uploadvulns
Write-up
Overview
The purpose of this room is to explore some of the vulnerabilities resulting from improper (or inadequate) handling of file uploads. Specifically, we will be looking at:
- Overwriting existing files on a server
- Uploading and Executing Shells on a server
- Bypassing Client-Side filtering
- Bypassing various kinds of Server-Side filtering
- Fooling content type validation checks
Task 4
Q: What is the name of the image file which can be overwritten?
A: mountains.jpg

Q: Overwrite the image. What is the flag you receive?
A:

Task 5
Q: Run a Gobuster scan on the website using the syntax from the screenshot above. What directory looks like it might be used for uploads?
A: /resources

Q: Get either a web shell or a reverse shell on the machine.
What's the flag in the /var/www/ directory of the server?
A:

Task 6
Q: What is the traditionally predominant server-side scripting language?
A: php
Q: When validating by file extension, what would you call a list of accepted extensions (whereby the server rejects any extension not in the list)?
A: whitelist
Q: [Research] What MIME type would you expect to see when uploading a CSV file?
A: text/csv
Task 7
Q: What is the flag in /var/www/?
A:


Task 8
Q: What is the flag in /var/www/?
A:


Task 9
Q: Grab the flag from /var/www/
A:


Task 11
Q: Hack the machine and grab the flag from /var/www/
A: Due to an error I was having in the machine, I was not able to get to the end of the task. So after you upload the image, you have to go to http://jewel.uploadvulns.thm/admin and write ../content/PHR.jpg (just change the 3 letters for the ones given to your image).





