1 00:00:01,609 --> 00:00:07,310 In this video, we are going to solve the low and medium difficulty file upload challenges on DVWA.
2 00:00:09,480 --> 00:00:15,240 File upload vulnerability is a vulnerability in web applications that allows an attacker to upload malicious
3 00:00:15,240 --> 00:00:16,440 files to a server.
4 00:00:17,170 --> 00:00:22,330 These files can then be executed on the server, potentially giving the attacker unauthorized access
5 00:00:22,330 --> 00:00:23,680 to sensitive information,
6 00:00:23,710 --> 00:00:28,630 the ability to execute arbitrary code, and the ability to launch further attacks.
7 00:00:29,390 --> 00:00:34,640 The vulnerability typically arises when the application does not properly validate or sanitize the file
8 00:00:34,670 --> 00:00:39,140 being uploaded, allowing the attacker to upload a file with a malicious payload.
9 00:00:40,130 --> 00:00:45,890 So you should be on Kali Linux or Parrot OS, in VMware, VirtualBox, or running natively on your PC.
10 00:00:47,810 --> 00:00:48,530 Now let's see the
11 00:00:48,560 --> 00:00:51,380 low difficulty file upload challenge.
12 00:00:53,060 --> 00:00:56,900 First of all, go to the security settings and set the difficulty to low.
13 00:00:58,520 --> 00:01:02,450 Now create an msfvenom payload on your Kali machine.
14 00:01:02,480 --> 00:01:06,320 Just provide the IP address of your machine and the port.
15 00:01:08,630 --> 00:01:13,610 Now run Metasploit and start a multi handler to listen for PHP reverse sessions.
16 00:01:16,150 --> 00:01:17,380 Now upload the file.
17 00:01:17,410 --> 00:01:23,260 The file will be uploaded without any restriction, and then you can open the file in the browser.
18 00:01:24,970 --> 00:01:27,520 On opening the file, we will get the reverse shell.
19 00:01:31,520 --> 00:01:33,020 So, on to the demonstration.
20 00:01:34,340 --> 00:01:36,350 First of all, change the security level to low.
21 00:01:39,210 --> 00:01:40,920 Move to the file upload tab.
22 00:01:42,080 --> 00:01:47,900 You can view the source, and you can see that no sanitization is being performed on file upload.
23 00:01:50,450 --> 00:01:52,190 Now open Metasploit.
24 00:01:52,490 --> 00:01:56,120 Let's first start a multi handler to listen for reverse shells.
25 00:01:57,500 --> 00:02:00,530 Search for handler and you get a number of results.
26 00:02:01,970 --> 00:02:04,190 The multi handler is at number 30.
27 00:02:04,670 --> 00:02:05,960 So use the command
28 00:02:05,960 --> 00:02:08,389 use 30 to select the multi handler.
29 00:02:10,979 --> 00:02:14,010 Now set the payload to listen for PHP reverse shells.
30 00:02:19,530 --> 00:02:22,860 As we are running on our local machine, set
31 00:02:23,130 --> 00:02:26,160 LHOST to 127.0.0.1.
32 00:02:31,070 --> 00:02:31,910 Now run it.
33 00:02:34,840 --> 00:02:37,210 And our reverse handler will start.
34 00:02:38,900 --> 00:02:41,210 Now let's create a malicious payload.
35 00:02:41,840 --> 00:02:45,260 Use msfvenom to list all PHP payloads.
36 00:02:47,470 --> 00:02:51,010 We are going to use the meterpreter reverse TCP payload.
37 00:02:53,100 --> 00:03:00,810 Use the command msfvenom -p payload, set LHOST to our local IP, set the port,
38 00:03:01,780 --> 00:03:04,840 and output the code to an exploit.php file.
39 00:03:08,950 --> 00:03:11,440 And our malicious payload has been generated.
40 00:03:15,060 --> 00:03:16,530 Now back on DVWA,
41 00:03:17,070 --> 00:03:18,480 click on Browse
42 00:03:19,280 --> 00:03:20,660 and upload the payload.
43 00:03:28,360 --> 00:03:30,190 You will get the link to the payload.
44 00:03:31,290 --> 00:03:33,870 Just copy the link and paste it in the browser.
45 00:03:39,360 --> 00:03:41,520 And you get a reverse meterpreter shell.
46 00:03:41,850 --> 00:03:43,950 Here you can perform different actions like
47 00:03:46,310 --> 00:03:46,580 that,
48 00:03:47,030 --> 00:03:47,840 et cetera.
49 00:03:50,270 --> 00:03:52,880 Now let's delete the payload from the server.
50 00:03:53,330 --> 00:03:55,580 Use the command to remove it.
51 00:04:03,780 --> 00:04:06,930 Now again run the multi handler to listen for reverse shells.
52 00:04:10,720 --> 00:04:13,900 For the medium difficulty file upload challenge,
53 00:04:14,380 --> 00:04:16,209 change the difficulty to medium.
54 00:04:21,550 --> 00:04:24,340 Create an msfvenom payload on your Kali machine.
55 00:04:27,690 --> 00:04:30,030 Run Metasploit and start a multi handler.
56 00:04:33,270 --> 00:04:34,410 And upload the file.
57 00:04:34,680 --> 00:04:37,890 The file will not be uploaded in medium difficulty.
58 00:04:37,890 --> 00:04:43,080 The server checks the file content type, and if it is not an image, it does not upload it.
59 00:04:44,590 --> 00:04:50,500 Now you need to fire up Burp, try to upload the same shell generated in the previous step, and capture
60 00:04:50,500 --> 00:04:51,640 the request in Burp.
61 00:04:52,300 --> 00:04:53,470 Now send it to the Repeater
62 00:04:54,710 --> 00:04:58,100 and change the content type from application to image.
63 00:04:59,590 --> 00:05:01,150 And forward the request.
64 00:05:03,260 --> 00:05:05,000 And we will get the reverse shell.
65 00:05:07,110 --> 00:05:08,820 Let's see the demonstration.
66 00:05:09,810 --> 00:05:12,180 First of all, change the security level to medium.
67 00:05:16,750 --> 00:05:19,120 Let's try to upload the generated payload.
68 00:05:21,620 --> 00:05:22,850 And you will get an error.
69 00:05:24,810 --> 00:05:29,870 And if you view the source, you can see that it checks whether it's an image or not.
70 00:05:35,330 --> 00:05:36,430 Now open Burp.
71 00:05:42,670 --> 00:05:44,560 Create a new temporary project.
72 00:05:48,980 --> 00:05:50,000 In the Proxy tab,
73 00:05:50,030 --> 00:05:51,500 turn the intercept on.
74 00:05:55,550 --> 00:05:58,190 And set up your browser to use the Burp proxy.
75 00:06:02,600 --> 00:06:02,840 Now
76 00:06:02,840 --> 00:06:04,040 upload the exploit
77 00:06:07,620 --> 00:06:08,700 and click Upload.
78 00:06:09,420 --> 00:06:11,430 Your request will be captured in Burp.
79 00:06:15,450 --> 00:06:15,720 Here,
80 00:06:15,720 --> 00:06:20,070 change the content type from application to image/jpeg.
81 00:06:21,370 --> 00:06:22,870 And forward the request.
82 00:06:24,420 --> 00:06:26,190 And our shell will be uploaded.
83 00:06:28,190 --> 00:06:30,860 Now copy the URL and paste it in the browser.
84 00:06:37,120 --> 00:06:38,620 And you get the reverse shell.
85 00:06:42,280 --> 00:06:47,590 So in this manner we can exploit file upload vulnerabilities in any website.