Magic Numbers in Files: Magic numbers are the first bits of a file that uniquely identify the type of file. For instance: JPEG files always begin with the bytes FF D8 FF To know about magic number of other files: Check this out -> https://asecuritysite.com/forensics/magic In this lab, we will need to create a…

Before starting with this lab you should be familiar with some bypass techniques * Double Extension * Null Character * multibyte Unicode characters * Magic numbers What are Null Characters: Let take a string , char a[10] = “Hello” This is how it will be stored in the memory: h |…

Read this Amazing blog: [WEB] Bypass file upload filter with .htaccess I think you know what I am talking about. The "file upload" vulnerability is familiar for you ? Nice. So you know how…thibaud-robin.fr What exactly is .htaccess in Apache? Apache .htaccess files allow users to configure directories of the web server they control without modifying the main configuration file. if .htaccess contains this content:

“A directory to which user-supplied files are uploaded will likely have much stricter controls than other locations on the filesystem that are assumed to be out of reach for end users. …

CONTENT-TYPE VALIDATION : Content-Type validation is when the server validate the content of the file by checking the MIME type of the file, which can be shown in the http request. CONTENT-TYPE BYPASS: This type of validation can be bypassed by keeping the file name for example to “shell.php” or “shell.aspx” but changing the “Content-Type” parameter as “image/ *” Content-Type. Such as “image/png”, “image/jpeg”, and “image/gif”.

Definition: File upload vulnerabilities are when a web server allows users to upload files to its filesystem without sufficiently validating things like their name, type, contents, or size. LAB 1 Exploiting unrestricted file uploads to deploy a web shell Remote code execution via web shell upload Lab description: This lab…

Resources:

TryHackMe: Pentesting Fundamentals Key Takeaways : Distinction of hackers by Hat: White Hat The “good people/hacker”, who remain within the law and use their skills to benefit others. For example, a penetration tester performing an authorized engagement on a company. Grey Hat These people use their skills to benefit others…

Make cyber hygiene part of your routine These are some practices that may help you stay safe online: Update your software/application regularly — be it your mobile, windows, Linux, or any other. Use network firewalls — firewalls are your 1st line of defense. …