Advent of Cyber 2, TryHackMe [Day 2]: The Elf Strikes Back
Today I am going to do the second challenge, so let's crack the ice.
What string of text needs adding to the URL to get access to the upload page?
This is what it looks like when you enter the IP in the browser: you need to get the ID and log in to the system. When going through the learning materials (LM), we saw that there was a URL with some parameters, so we can use that knowledge to log in to this system.
The URL is http://10.10.24.189/?id=ODIzODI5MTNiYmYw, so here we need to change the parameter to log in to the system.
answer — id=ODIzODI5MTNiYmYw
What type of file is accepted by the site?
This is what it looks like when you are logged in to the site; now it asks us to upload an image.
I uploaded an image and it was received successfully, so the site accepts image files. So the answer — image
Bypass the filter and upload a reverse shell. In which directory are the uploaded files stored?
If you don't have a reverse shell, you can find one here.
Here you need to change the IP and port. For the IP, use your tun0 IP, because you are connected via VPN to the TryHackMe site; the port can be any value. I used port 443.
When I was trying to bypass the upload filter, it detected the file called rev.php as a wrong input file, so I used rev.jpg.php. You can also use rev.png.php or rev.jpeg.php. Then it was successfully uploaded to the site.
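The behaviour seen above (rev.php rejected, rev.jpg.php accepted) is what a filter produces when it trusts an image extension that is not the final one. The following Python is an added example, not code from the challenge or from this write-up: `weak_filter` is an assumed reconstruction of such a check, and `hardened_filter`, the sample filenames and the sample bytes are constructed to show the defensive fix.

```python
import os
import secrets

ALLOWED_EXT = {".jpg", ".jpeg", ".png"}
# Leading magic bytes for the allowed image types.
MAGIC = {".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
         ".png": b"\x89PNG\r\n\x1a\n"}


def weak_filter(filename: str) -> bool:
    """Assumed weak check: trusts the first extension after the base name."""
    parts = filename.lower().split(".")
    return len(parts) > 1 and "." + parts[1] in ALLOWED_EXT


def hardened_filter(filename: str, content: bytes):
    """Return a safe stored name, or None if the upload is rejected."""
    name = os.path.basename(filename).lower()
    base, ext = os.path.splitext(name)  # ext is the LAST extension only
    if ext not in ALLOWED_EXT:
        return None
    if "." in base:  # refuse stacked extensions such as name.php.jpg
        return None
    if not content.startswith(MAGIC[ext]):
        return None  # body is not the image type the name claims
    # Never reuse the client-supplied name on disk.
    return secrets.token_hex(16) + ext


# Constructed sample uploads: (client filename, first bytes of the body).
SAMPLES = [
    ("rev.php", b"<?php"),
    ("rev.jpg.php", b"<?php"),
    ("cat.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 8),
    ("fake.jpg", b"<?php"),
]

if __name__ == "__main__":
    for fname, body in SAMPLES:
        stored = hardened_filter(fname, body)
        print(f"{fname:12} weak={weak_filter(fname)!s:5} hardened={stored}")
```

Filename and content checks are only one layer: the upload directory should also be served with script execution disabled, so a file that slips through is never interpreted by the server.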
When you went through the learning materials, you could see that 3 directories are mentioned: uploads/, images/ and media/. I found that the upload directory was uploads; alternatively, you can run dirbuster here to find what other directories exist.
Activate your reverse shell and catch it in a netcat listener!
This is how we have to run our netcat command.
What is the flag in /var/www/flag.txt?
I ran the file in the uploads directory, then the netcat listener got the connection from the server and gave me a reverse shell on the server, and I got the flag from the given directory.
flag =THM{MGU3Y2UyMGUwNjExYTY4NTAxOWJhMzhh}
Hope to see you in the next challenge. See you!!!!