Video walkthrough: Bypassing Server Side Upload Filters P6 Upload Vulnerabilities TryHackMe, part of the website penetration testing course from the Motasem Hamdan channel. Video number 13, free, accredited, online.
The video focuses on bypassing file upload filters to exploit vulnerabilities in web applications. It demonstrates techniques to handle both client-side and server-side filtering, specifically addressing scenarios involving file extensions and magic numbers. This video is a walkthrough for the Upload Vulnerabilities TryHackMe room.
Writeup
https://motasem-notes.net/bypassing-file-upload-filters-p6-upload-vulnerabilities-tryhackme/
0:00 Introduction to File Upload Vulnerabilities
0:11 Recap of Previous Video (Tasks 4 and 5)
0:26 Tasks 7, 8, and 9 Overview
0:50 Bypassing Server-Side Filters
1:01 File Extension-Based Filtering
1:15 Testing File Uploads with Allowed Extensions
2:30 Detecting Blacklisted Extensions
3:05 Using Gobuster to Locate the Upload Directory
3:45 Bypassing File Extension Filters with Tricks
5:18 Using Alternate Extensions for Execution
6:14 Successful Reverse Shell with Modified PHP File
6:24 Task 9: Bypassing Magic Number Filters
6:52 Understanding Magic Numbers in File Headers
8:11 Modifying PHP File’s Magic Numbers to Match GIF
9:13 Changing File Headers with Hex Editor
10:12 Verifying Modified File’s Functionality
11:44 Uploading Modified File to Bypass Magic Number Filters
12:01 Accessing the Reverse Shell via Graphics Directory
13:14 Troubleshooting and Renaming Files for Execution
14:17 Successfully Obtaining the Flag
14:26 Final Thoughts and Challenge Overview