In this video I demonstrate how to get into a webserver through an unsanitized file upload functionality.
First, we're dealing with a server for which the access to the administrator panel is easily achieved. Once inside the admin panel, the file upload functionality allows for uploading files with extensions that might lead to remote access in the server (through a remote shell).
So, what I did was to upload a PHP reverse shell, but before that I set up a listener on my local machine. Once I execute the PHP reverse shell on the server, it throws back a shell on my local machine. What's left to do from there on is privilege escalation - or getting from a low privileged user to full system privileges, as administrator, or in this case - root.
This goes to show that if you're managing or administering web servers, you have to make sure you stay away from such misconfigurations because this would allow malicious users to own your system and cause unwanted damage.
I’ve seen hacking as something I can never venture near because my perspective about hacking involves a picture of a computer genius working in a room full of screens and cyber tools working for the government or some corporate bodies, but with this video shared, I see myself for the first time considering hacking as something I’d love to experience and hopefully enjoy. Keep steeming and touching lives.
File upload functionality in web applications can unveil a large amount of information to a potential attacker or on certain occasions can lead to full system compromise. Thanks for putting up this video.