ICT: Diary

Based on notaweblog.php by joshua stein

Monday, 15 June 2020

Immersive Labs

Using curl and xxd when doing Immersive Labs on file bypass.

curl command was:

curl -i -X POST -H "Content-Type: multipart/form-data" \
	-H "Content-Type: plain/text" \
	-F "fileToUpload=@shell.php" \
	http://10.102.6.149/upload.php

Tried using 0x0d:'\r' and 0x0a:'\n' in file names but it did work against the target.

Using xxd to inject JPEG magic numbers worked for uploading the PHP file - the target wouldn't then execute them…

Also had fun playing with GET parameters in the previous labs, with URLs like:

http://10.102.5.149/?post=LINK

curl xxd
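
A defender's view of the checks this entry probed, as an added example (not part of the original diary and not the lab's upload.php): a magic-number-only check accepts a script that starts with JPEG bytes, while an extension allow-list, a control-character filter on the filename and a server-chosen stored name keep it from landing as .php. The function names, the allow-list and the sample bytes are assumptions constructed for illustration.

```python
import os
import re
import secrets

JPEG_MAGIC = b"\xff\xd8\xff"
ALLOWED_EXT = {".jpg", ".jpeg"}  # assumed allow-list for an image-only upload form

# Constructed sample: JPEG magic bytes in front of a harmless script body.
POLYGLOT = JPEG_MAGIC + b"\xe0<?php echo 'constructed sample'; ?>"


def weak_check(filename: str, data: bytes) -> bool:
    """Magic-number-only validation: passes any file that starts like a JPEG."""
    return data.startswith(JPEG_MAGIC)


def reject_reasons(filename: str, data: bytes) -> list:
    """Return the reasons to refuse an upload; an empty list means accept."""
    reasons = []
    # CR, LF, NUL and other control bytes have no place in a filename.
    if re.search(r"[\x00-\x1f\x7f]", filename):
        reasons.append("control character in filename")
    # The client-supplied name must be a bare name, not a path.
    if os.path.basename(filename.replace("\\", "/")) != filename:
        reasons.append("path separator in filename")
    # The extension decides which handler the web server picks, so check it.
    if os.path.splitext(filename)[1].lower() not in ALLOWED_EXT:
        reasons.append("extension not on allow-list")
    if not data.startswith(JPEG_MAGIC):
        reasons.append("content is not a JPEG")
    return reasons


def stored_name(filename: str, data: bytes) -> str:
    """Pick the on-disk name server-side so the client never controls the extension."""
    reasons = reject_reasons(filename, data)
    if reasons:
        raise ValueError("; ".join(reasons))
    return secrets.token_hex(16) + ".jpg"
```

Even when the polyglot bytes arrive under an allowed name, the file is stored as a random `.jpg`, so the server treats it as an image rather than handing it to the PHP interpreter.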


$Id: dates.htm,v 1.1374 2020/06/25 11:13:31 fred Exp $

$Id: diary,v 1.27 2017/09/01 17:12:44 fred Exp $