Posts: 24 Threads: 0 Joined: N/A August 7, 2022 at 1:21 AM
(August 7, 2022, 12:20 AM) vexxxi Wrote: any hint for how to bypass pdf filter? won't let me upload even normal pdf :s
(August 7, 2022, 12:24 AM) fironeDerbert Wrote: You have to set the name like something.pdf.php and keep the pdf first line and last line format
(August 7, 2022, 12:49 AM) vexxxi Wrote: just tried that and wasn't able to get it to go through, it just always says only pdfs allowed. it should be getting uploaded to /logs/uploads/, right?
(August 7, 2022, 01:12 AM) fironeDerbert Wrote: Try to upload a regular pdf and see how the filter works, and yes the file will be uploaded in /logs/uploads
even for regular pdfs it still gives me the "only pdf files allowed" message. I've tried 3 different ones for regular upload, including one of the ones from the logs/hash/logs.pdf

Posts: 0 Threads: 0 Joined: N/A August 7, 2022 at 1:24 AM
How is everyone bypassing disable_functions? Literally all the good stuff is disabled and I've tried some known bypasses and none work.

Posts: 26 Threads: 0 Joined: N/A August 7, 2022 at 1:31 AM
(August 7, 2022, 01:24 AM) bigdare Wrote: How is everyone bypassing disable_functions? Literally all the good stuff is disabled and I've tried some known bypasses and none work.
https://github.com/epinna/weevely3

Posts: 166 Threads: 0 Joined: N/A August 7, 2022 at 2:45 AM
(August 7, 2022, 01:21 AM) vexxxi Wrote: even for regular pdfs it still gives me the "only pdf files allowed" message. I've tried 3 different ones for regular upload, including one of the ones from the logs/hash/logs.pdf
Upload a pdf you already found on the server. Upload and with burp change the content from PDF to your php reverse shell. After that access http://moderators.htb/logs/uploads/shell.pdf.php

Posts: 42 Threads: 0 Joined: N/A August 7, 2022 at 6:41 AM
Found the brandfolder plugin that is supposed to be vulnerable to LFI/RFI but it doesn't seem to load. Anyone got any further?

Posts: 33 Threads: 0 Joined: N/A August 7, 2022 at 8:04 AM
(August 6, 2022, 07:52 PM) loge23 Wrote: http://moderators.htb/logs/md5(report_no)/
Quick question on this: after fuzzing the logs directory, how did you get to the md5?

Posts: 132 Threads: 0 Joined: N/A August 7, 2022 at 8:17 AM
(August 6, 2022, 07:52 PM) loge23 Wrote: http://moderators.htb/logs/md5(report_no)/
(August 7, 2022, 08:04 AM) JINXX Wrote: Quick question on this: after fuzzing the logs directory, how did you get to the md5?
You can use online tools: https://www.md5online.org/md5-encrypt.html

Posts: 33 Threads: 0 Joined: N/A August 7, 2022 at 8:28 AM
You are md5-ing the report log name?

Posts: 70 Threads: 0 Joined: N/A August 7, 2022 at 8:41 AM
(August 7, 2022, 01:24 AM) bigdare Wrote: How is everyone bypassing disable_functions? Literally all the good stuff is disabled and I've tried some known bypasses and none work.
(August 7, 2022, 01:31 AM) loge23 Wrote: https://github.com/epinna/weevely3
Guys, this is the best tip ever, focus on this. It does not matter if the brandfolder plugin is disabled, it is a php file, and it is going to be executed as lexi.

Posts: 26 Threads: 0 Joined: N/A August 7, 2022 at 9:01 AM
(August 6, 2022, 07:52 PM) loge23 Wrote: http://moderators.htb/logs/md5(report_no)/
(August 7, 2022, 08:04 AM) JINXX Wrote: Quick question on this: after fuzzing the logs directory, how did you get to the md5?
Google "e21cece511f43a5cb18d4932429915ed" md5
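
The file shape discussed earlier in this thread (a name like something.pdf.php whose content keeps the PDF first and last lines) is what a server-side upload check has to refuse. The following is an added example, not part of the thread and not the application's own code; the function names, the extension list and the sample bytes are assumptions constructed for illustration.

```python
import os
import re

# Assumption: extensions a PHP-enabled web server may hand to an interpreter.
EXECUTABLE_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "pht"}
# Heuristic only: the name rules below are the control that prevents execution.
PHP_OPEN_TAG = re.compile(rb"<\?php", re.IGNORECASE)

# Constructed samples (not captured from any real system).
GOOD = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n"
WRAPPED = b"%PDF-1.4\n<?php echo 'constructed marker'; ?>\n%%EOF\n"


def check_pdf_upload(filename: str, data: bytes) -> list:
    """Return the reasons to reject an upload; an empty list means accept."""
    reasons = []
    base = os.path.basename(filename.replace("\\", "/"))
    exts = base.lower().split(".")[1:]    # every extension, not only the first
    if not exts or exts[-1] != "pdf":
        reasons.append("final extension is not .pdf")
    if len(exts) > 1:
        reasons.append("multiple extensions")
    if any(e in EXECUTABLE_EXTS for e in exts):
        reasons.append("executable extension present")
    if "\x00" in filename:
        reasons.append("NUL byte in name")
    if not data.startswith(b"%PDF-"):
        reasons.append("missing %PDF- header")
    if b"%%EOF" not in data[-1024:]:
        reasons.append("missing %%EOF trailer")
    if PHP_OPEN_TAG.search(data):
        reasons.append("PHP open tag inside content")
    return reasons


def stored_name(upload_id: int) -> str:
    """Name chosen by the server, so the client never controls the extension."""
    return f"{upload_id:08d}.pdf"


if __name__ == "__main__":
    for name, body in [("report.pdf", GOOD), ("something.pdf.php", WRAPPED)]:
        print(name, check_pdf_upload(name, body) or "accepted")
```

The header and trailer checks alone pass the wrapped sample, which is why the decision rests on the final extension and on the server-chosen stored name. Serving the upload directory with the script handler disabled is the complementary control.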