THM | Upload Vulnerabilities

Web Hacking Fundamentals | Upload Vulnerabilities | Summary:

This series of walkthroughs aims to help complete beginners finish the Complete Beginner path on the TryHackMe website. It is based on the learning content provided in the Upload Vulnerabilities room.


Disclaimer: Please note that this write-up is NOT intended to replace the original room or its content, but rather to serve as supplementary material for those who are stuck and need additional guidance.

Task | 01 | Getting Started

Question 1: I solemnly swear that I have read (and fully understood) the above information. I have configured my machine as instructed.

No answer needed

Task | 02 | Introduction

Question 1: Read and understand the above information.

No answer needed

Task | 03 | General Methodology

Question 1: Read the General Methodology

No answer needed

Task | 04 | Overwriting Existing Files

Question 1: What is the name of the image file which can be overwritten?

mountains.jpg

Question 2: Overwrite the image. What is the flag you receive?

<flag>

Task | 05 | Remote Code Execution

Question 1: Run a Gobuster scan on the website using the syntax from the screenshot above. What directory looks like it might be used for uploads?

  • (N.B. This is a good habit to get into, and will serve you well in the upcoming tasks...)

/resources

Question 2: Get either a web shell or a reverse shell on the machine. What's the flag in the /var/www/ directory of the server?

<flag>

Task | 06 | Filtering

Question 1: What is the traditionally predominant server-side scripting language?

php

Question 2: When validating by file extension, what would you call a list of accepted extensions (whereby the server rejects any extension not in the list)?

whitelist

Question 3: [Research] What MIME type would you expect to see when uploading a CSV file?

text/csv

Task | 07 | Bypassing Client-Side Filtering

Question 1: What is the flag in /var/www/?

<flag>

Task | 08 | Bypassing Server-Side Filtering: File Extensions

Question 1: What is the flag in /var/www/?

<flag>

Task | 09 | Bypassing Server-Side Filtering: Magic Numbers

Question 1: Grab the flag from /var/www/

<flag>

Task | 10 | Example Methodology

Question 1: Read the example methodology

No answer needed

Task | 11 | Challenge

Question 1: Hack the machine and grab the flag from /var/www/

<flag>

Task | 12 | Conclusion

Question 1: Room completed, and hosts file reverted!

No answer needed