1
00:00:01,440 --> 00:00:05,250
OK, now we know that we can bypass the check for the file type.

2
00:00:05,360 --> 00:00:07,110
Let's see if we can bypass it

3
00:00:07,190 --> 00:00:10,080
when we increase the security level to high.

4
00:00:10,430 --> 00:00:21,460
So again I'm going to set this: I'm going to go to the website settings here, in DVWA.

5
00:00:21,640 --> 00:00:23,620
And as you can see, this is still running.

6
00:00:23,760 --> 00:00:29,580
So it's intercepting every packet. I'm going to click this to turn it off so I can browse the internet

7
00:00:29,580 --> 00:00:32,480
normally, and I'm going to go on.

8
00:00:33,690 --> 00:00:36,180
I'm going to submit that.

9
00:00:36,350 --> 00:00:37,820
And now that's all good.

10
00:00:37,860 --> 00:00:41,240
So the security level now is high.

11
00:00:41,350 --> 00:00:43,770
I'm going to go to my file upload.

12
00:00:44,040 --> 00:00:47,890
I'm going to try to upload a normal image just to make sure that nothing broke,

13
00:00:48,950 --> 00:00:50,040
like we did before.

14
00:00:50,090 --> 00:00:52,510
So we're going to upload the image

15
00:00:55,110 --> 00:00:59,680
and as you can see we can upload JPG extensions.

16
00:00:59,680 --> 00:01:03,300
So I'm going to turn on my interceptor again so I can see what's happening.

17
00:01:03,640 --> 00:01:07,520
And I'm going to try to upload my shell right here,

18
00:01:07,540 --> 00:01:11,420
shell.php, like I did in the previous video.

19
00:01:11,580 --> 00:01:17,340
I'm going to click on upload and I'll just try the method we tried before and see if that works.

20
00:01:17,340 --> 00:01:24,270
So in the previous method the target computer, or the target server, was checking that the file type is an

21
00:01:24,270 --> 00:01:24,930
image.

22
00:01:24,930 --> 00:01:31,440
So when we called our file a JPG, it was only checking if the content type is an image.
23
00:01:31,470 --> 00:01:40,480
So when we come here and change this to JPEG and forward this packet, the upload used to go through.

24
00:01:40,560 --> 00:01:43,990
Now you can see that it's telling us that the image was not uploaded.

25
00:01:44,160 --> 00:01:48,190
So it's probably checking that the extension is JPG as well.

26
00:01:48,270 --> 00:01:54,540
So it's checking the file type and the extension. We can bypass the file type like we did before, but

27
00:01:54,690 --> 00:01:58,820
now it's checking for the extension, so we can't really bypass it that way.

28
00:01:59,190 --> 00:02:02,870
So what we're going to do is a trick that I'll show you now.

29
00:02:03,030 --> 00:02:10,980
So I'm just going to upload the file again, the same file, shell.php, and I'm going to click on upload. What

30
00:02:10,980 --> 00:02:11,640
it's doing

31
00:02:11,640 --> 00:02:16,620
right now is checking that the content type is image/jpeg, which is perfect.

32
00:02:16,620 --> 00:02:17,460
That's cool.

33
00:02:17,460 --> 00:02:18,180
We can do that.

34
00:02:18,180 --> 00:02:19,720
We bypassed that last time.

35
00:02:19,870 --> 00:02:25,710
But it's also checking this time, probably, we don't know but we're assuming that it's also checking

36
00:02:25,710 --> 00:02:30,060
that the file type is .jpg at the end.

37
00:02:30,180 --> 00:02:37,190
So when you change that to .php everything is broken, because it expects a .jpg

38
00:02:37,200 --> 00:02:38,750
file or a .png.

39
00:02:38,820 --> 00:02:41,550
So it's expecting an image extension.

40
00:02:41,850 --> 00:02:48,230
So what we're going to do is .php.jpg.
41
00:02:48,390 --> 00:02:55,230
So we're going to call the file shell.php.jpg. This way it's going to check if the last thing

42
00:02:55,260 --> 00:03:01,500
is .jpg, and it's going to think that it is a .jpg, so it will let us upload it. Then we're

43
00:03:01,500 --> 00:03:05,710
going to browse to it like a PHP file and it should work for us.

44
00:03:06,090 --> 00:03:10,940
So I'm going to call this shell2, or actually we'll call it shell3.

45
00:03:10,980 --> 00:03:19,810
So the only thing we modify now is the filename in here, to shell3.php.jpg. I'm going

46
00:03:19,810 --> 00:03:22,680
to forward this packet.

47
00:03:22,830 --> 00:03:28,050
And as you can see now the file has been uploaded successfully.

48
00:03:28,100 --> 00:03:34,770
Now I'm going to go back here, and the last file we interacted with was called

49
00:03:34,790 --> 00:03:35,610
shell2.php.

50
00:03:35,810 --> 00:03:44,920
This time our file is called shell3.php.jpg. Enter.

51
00:03:45,160 --> 00:03:53,140
As you can see we managed to upload a PHP file and execute it on the target computer, using

52
00:03:53,310 --> 00:04:03,230
Burp Proxy to keep the file type as an image, and then we changed the file extension from .jpg to

53
00:04:03,250 --> 00:04:07,530
.php.jpg, which bypassed the file type check as well.

54
00:04:07,540 --> 00:04:14,800
So if I do id now I can get my id, and I can get my working directory. In the future we'll

55
00:04:14,800 --> 00:04:21,150
see how we can use Weevely, but for now you can see that we managed to gain access to our target website.
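As an added example, not code from the video or from the application shown in it, the check the speaker infers at the high security level is written out beside a stricter server-side validator that refuses the double-extension name and verifies the file bytes. All function names, the extension tables and the sample bodies are constructed assumptions.

```python
# Added example (not from the video or from DVWA): the inferred weak check
# beside a stricter upload validator. Names and tables are assumptions.
import re
import secrets

ALLOWED_EXT = {"jpg", "jpeg", "png"}
# Extensions a web server may hand to a script interpreter; any dotted
# segment matching one of these is refused, so shell3.php.jpg is rejected.
SCRIPT_EXT = {"php", "php3", "php4", "php5", "phtml", "phar"}
# Magic bytes for the allowed types (constructed table).
MAGIC = {"jpg": b"\xff\xd8\xff", "jpeg": b"\xff\xd8\xff", "png": b"\x89PNG\r\n\x1a\n"}

# Constructed sample bodies: a minimal JPEG header and a harmless PHP script.
FAKE_JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 12
FAKE_PHP = b"<?php echo 'hello'; ?>\n"


def weak_accepts(filename: str, content_type: str) -> bool:
    """The logic the video infers: the Content-Type header says image and the
    name ends in an image extension. shell3.php.jpg satisfies both tests."""
    ext = filename.rsplit(".", 1)[-1].lower()
    return content_type.startswith("image/") and ext in ALLOWED_EXT


def strict_accepts(filename: str, content_type: str, data: bytes) -> tuple[bool, str]:
    """Stricter validation. Returns (accepted, reason) or (True, extension)."""
    segments = filename.lower().split(".")
    if len(segments) < 2 or not all(re.fullmatch(r"[a-z0-9_-]{1,64}", s) for s in segments):
        return False, "malformed filename"
    # Check every dotted segment, not only the last one.
    if any(s in SCRIPT_EXT for s in segments):
        return False, "script extension present in filename"
    ext = segments[-1]
    if ext not in ALLOWED_EXT:
        return False, f"extension {ext!r} not allowed"
    if not content_type.startswith("image/"):
        return False, "content-type is not an image"
    # The client controls the header and the name; the bytes are what is stored.
    if not data.startswith(MAGIC[ext]):
        return False, "body does not match claimed image type"
    return True, ext


def stored_name(ext: str) -> str:
    """Never reuse the client's name: store under a random server-chosen name."""
    return f"{secrets.token_hex(16)}.{ext}"
```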