تقييمات الطلاب
( 5 من 5 )
١ تقييمات
فيديو شرح Bypassing Server Side Upload Filters P6 Upload Vulnerabilities TryHackMe ضمن كورس اختبار اختراق المواقع شرح قناة Motasem Hamdan Cyber Security & Tech، الفديو رقم 53 مجانى معتمد اونلاين
The video focuses on bypassing file upload filters to exploit vulnerabilities in web applications. It demonstrates techniques to handle both client-side and server-side filtering, specifically addressing scenarios involving file extensions and magic numbers. This video is a walkthrough for Upload Vulnerabilities TryHackMe room.
Receive Cyber Security Field Notes and Special Training Videos
https://buymeacoffee.com/notescatalog/membership
Writeup
https://motasem-notes.net/bypassing-file-upload-filters-p6-upload-vulnerabilities-tryhackme/
Store
https://buymeacoffee.com/notescatalog/extras
Patreon
https://www.patreon.com/motasemhamdan
LinkedIn
[1]: https://www.linkedin.com/in/motasem-hamdan-7673289b/
[2]: https://www.linkedin.com/in/motasem-eldad-ha-bb42481b2/
Instagram
https://www.instagram.com/mastermindstudynotes/
Google Profile
https://maps.app.goo.gl/eLotQQb7Dm6aiL8z6
Twitter
https://twitter.com/ManMotasem
Facebook
https://www.facebook.com/motasemhamdantty/
0:00 Introduction to File Upload Vulnerabilities
0:11 Recap of Previous Video (Tasks 4 and 5)
0:26 Tasks 7, 8, and 9 Overview
0:50 Bypassing Server-Side Filters
1:01 File Extension-Based Filtering
1:15 Testing File Uploads with Allowed Extensions
2:30 Detecting Blacklisted Extensions
3:05 Using Gobuster to Locate the Upload Directory
3:45 Bypassing File Extension Filters with Tricks
5:18 Using Alternate Extensions for Execution
6:14 Successful Reverse Shell with Modified PHP File
6:24 Task 9: Bypassing Magic Number Filters
6:52 Understanding Magic Numbers in File Headers
8:11 Modifying PHP File’s Magic Numbers to Match GIF
9:13 Changing File Headers with Hex Editor
10:12 Verifying Modified File’s Functionality
11:44 Uploading Modified File to Bypass Magic Number Filters
12:01 Accessing the Reverse Shell via Graphics Directory
13:14 Troubleshooting and Renaming Files for Execution
14:17 Successfully Obtaining the Flag
14:26 Final Thoughts and Challenge Overview