how hackers bypass file upload restrictions!
- Published: 18 Sep 2024
// Disclaimer //
Hacking without permission is illegal. This channel is strictly educational for learning about cyber-security in the areas of ethical hacking and penetration testing so that we can protect ourselves against the real hackers.
An even better approach is to upload the target file with docx.pdf and then change the content type to application/docx and filename during the interception by Burp Suite. This would improve precision in the upload process.
Hi Loi, you should pin this comment
@@_timestamp I like your showcases, but you should represent the solutions too, like the backend validations for this case, etc. Hacking methods without solutions seems like you are only helping the malicious people. I mean most of the pros know this stuff, your audience is the inexperienced community, and I'm sure they want to know how to prevent the stuff that you show them.
@@merlinwarage Whatever you say, don't kid yourself that Loi is only helping malicious people.
@@jamieeccleston2988 I'm happy, you did understand my comment.
How do I know the file path after uploading it?
Awesome line "i am fixing the website" lol
😂😂😂😂
Savage 😂
Can you introduce the most password attacks ?
This method seems more efficient than exporting to PDF. I might adopt it.
😂
xD
Finally I can send my homework on a different file format
Any developer worth his salt will check the file that's been uploaded instead of blindly accepting whatever the network sends.
@MoDavid yup automatically keeping all other bu***it files in the spam folder
Yeah! Just click the file and open it in print ---> save file as required format(PDF, zip, xml,etc).......done.
Btw, nice tutorial we can try it when we don't want to get ourselves a job😁😂
I wonder if I'm able to upload a resume in different format, would it stand out to the recruiter? awesome tutorial btw
😂😂😂😂😂😂😂 this guy
I use candypdf to change the format. Takes a min to do that.
Other methods:
1. Zip the docx file.
2. Export as pdf.
To the people saying he could’ve just exported the docx file to pdf. In here he’s not showing how to bypass it for the purpose of uploading your stuff, what this video basically means is that if a website is restricting you from uploading for example a php reverse shell, then you can do this exact method to get around that and bypass the file extension
Cheers everybody
Thanks for watching and commenting.
For further interaction and guidance!!! {W...H...A...T...S...A...P...P}+16282596917
In a real website I would hope that the serverside does checks, but the content-length was unchanged also. So the upload would hang waiting for the rest of the content.
Where's the disclaimer that this will only work if there's no server side validation in place for file types?
This guy never adds any disclaimers. That would ruin the clickbait.
Doesn't the server check the file type again and send an error message?
This is quite useful if you know where the server uploads the files, and if it renames them or not. Once you know that, you can get a reverse shell by uploading say a php shell, or a simple webshell if file size is limited. Access the file in your browser and the web app will run the payload, giving you a shell on netcat. Assuming you did it all correctly anyways.
@@pinnedloiliangyang364 hacker don't believe
How do I know the file path after uploading it?
If you get lucky you can sometimes find the location by using tools like dirbuster and a dictionary of common directories. Once you find a directory of interest, dig around in it and see if you can view the contents or not. If not, try the directory/yourfile.extension and you might get lucky again and have found the upload directory. Then just upload your payload and try to access it and the backend, if vulnerable, will execute your webshell and give access.
Mr. Loi - Hacking is illegal
My Mind- Let's try this on realtime websites
Much faster than adding the file to a .zip folder :)
How can we hide payloads in a image file like php payloads for reverse shell connection from a social media website
This will work fine if the file check security is coded on the front-end, but as a developer I would never trust the front-end for that. My Web service would refuse that request and probably try to log your IP address as well. In all honesty, if that is coded on the front end there's an easier way to get around it, just modify the client-side code. No need for an interceptor in that case. For that matter, use Postman if you already have the endpoint.
thanks mom
Teacher: Where is your homework???
Me: Ahh its the exe file
Teacher: haha *how*
i just love this man "i am fixing website " (:
But surely changing everything about the request in the Burp Repeater tab would just make the submission fail, as you changed it all to docx, which is the same request that made it not work the first time? Wouldn't it be better or more likely to work if you changed the file format extension and file type in the Repeater tab but kept the actual content to upload, to evade and bypass checks? :>
I love the way he talks 🤩
Normal Person: Fix their resume
Loi: Fix someone else website
Pretty nice tutorial, Loiliangyang is the best !
can you please show how to do this with the upload limit (For Facebook specially, they don't allow file size bigger than 25 MB).
Love u from Bangladesh 😍😍
It doesn't work if the file check is on the server side...
Friendly videos and knowledgeable. Keep it up Captain
But the question is that if we upload the type of file which the website doesn't allow me to, using Burp Suite, then is the server even gonna process my resume or will it not even do anything?
Often, there is a lot of form validation, file validation, etc., all types of validation processes that run on the backend server to validate the input before persisting it into a db or forwarding it somewhere else. That's best practice when developing backends for web apps and sites, in case things like this occur. So your chances are pretty slim for you to succeed with such exploits on popular sites. However, most backend developers have surface knowledge of such exploits so executing these vulnerabilities often works with low-medium tier websites where security isn't the top priority.
@@zeallavacube6357 yes that's what I was thinking, exploits like this would be pretty useless
Proxychains sir.
When a video of that?
You are awesome, just keep the path, we're learning with you
Thanks sir for free and best tutorials.
There is no doubt Mr LOI is one of the best professional security experts. I sincerely applaud him with sharing his knowledge.
I only hope he will consider or remember that most people watching him are learners not experts. He should please explain things to us like we learners
Thanks
Thanks Loi, now I can use websites as cloud :D
how to add USB wifi adapter to KALI,i can't do it. I plugged it in but it ain't shown the wlan. PLS HELP!
Hi Mister Loi, I have a question: in the content type for a PHP file, what should I write?
"You will accept my file, if you want to or not!"
I Used this Method to Create backlinks
Please make a tut on uploading shells and invoking it through burp
Whaaaaaaaaaaaaa ? Invoking it thru burp isn’t sophisticated at all, in fact why would you even want to invoke it thru burp? Why don’t you just navigate to where your shell is uploaded on the filesystem and just execute it
@@younesmohssen8158 I think you didn't get what I meant to say
good job thank you
Thanks
Is this applicable on all websites
i wonder how you could automate this. is there a way to automate burp or a proxy for python?
Thank you
Hello Loi, I have an issue on this OWASP. When I try to capture cookies (especially referring to your "how a hackerer breaks into any accounts" video) with Burp Suite it doesn't actually catch cookies, it gives me "Cookie: language=en; welcomebanner_status=dismiss", and I don't know why it doesn't give me the token. My Burp Suite proxy seems to be correctly configured. Can anyone help?
I've never used that suite, but do you see that cookie with the token on the dev tools of the browser?
@@pqsk I tried that as well but it actually didn't show the token sadly
@@GreenProStyle95 so then that page doesn't have a token then. Those pages from owasp are for learning and not all of them have the same cookies
@@pqsk hmm alright thanks, i will try some other stuff and see if it makes a difference
@@GreenProStyle95 you could also make a local site. It's easier to start off like that when you have full control of the site locally on your machine. Well if you know how to do that. That would be another starting point too. Nothing fancy, just basic site with login and cookies/tokens and then you can play with it easily
It's only to bypass the client side filter what about the server side?
Haha as fullstack dev I laugh of this 🤣😂
or you can literally click the docx file and export it into a pdf
Then you're a problem.
Including this WOW private servers I have in mind?
Great tutorials, keep the good work
Hi Loi, I have seen all your playlists of Android hacking. Sir, but I have an issue in that process: I am not able to get into the ADB shell on non-rooted Android.
One more thing is it possible to hack android without using ADB in any way I mean through app's that are using ADB commands are not included.
File upload vulnerability
Sir if I take the hacking course membership then your member video is working
I need a help
Hey
What if the web application does not check the file content type or the code in it; but the server side filter the file extensions ; and also when you upload a picture anything before .jpeg or .png is given a random name
Even if it is pic.php%00.png => randomname.png so it will not be executed
Even if I changed the content type to application/x-php nothing is executed
What do you suggest ?
Is there a video on how cookies are vulnerable to hackers?
😊👍
Game over
Educative tutorial 🤝🏾
Beautiful
Hey i have watched a few of your videos now and i really like them. But i have to say that they are a bit hard to understand for a beginner (what i am) so i wanted to ask you if you could make a tutorial on how to get started with hacking, techniques etc.
Bro, this was already a simple example. But here a list how to get started.
Step 1. Learn programming a Website
Step 2. Learn how to protect a Website
Step 3. Learn how to hack websites
@@lev2590 wonderful piece. Please do you know all of this?
@@agadaFrancisLouis I would say yes. I learnt the basics like HTML, CSS and JS. After that I started learning PHP in combination with SQL for server side calculations. Then I started researching how to protect the website from known attacks like SQL injection and so on. And now I do research on how to hack my own websites, so that I get even better at protecting them against bad people 😉
@@lev2590 I'm done with your step 1. It's the step 2 and 3 I don't know. Can you please help me, Lev?
@@agadaFrancisLouis what have you already learned?
That's a great Thing! Thank you!👍👍👍🤟😎
is there any alternative for CAT command.
How to Kali Linux Security update Android my Android Vivo v15pro Kali Linux update
What OS is that?
Fixing the website 🤣🤣🤣🤣🤣🤣🤟🔥🔥🔥🔥🔥🔥
How can I get ur premium membership?
Very helpful ❤️
hey i have some file i need to make copy
Sudo said hello
how to join your youtube team I'm noob
Site please sir
What is uploder
Best for non-discord nitro users.
I would rather convert docx file to pdf and upload it like a normal person ✌️
Hacking is LEGAL; there are a lot of companies that pay hackers to hack their sites
Wow ❤🎉
is there any way to know where the file is saved on the server ?
In the database lol
@@MsSoldadoRaso no really like the full path of the file (on the server)?
legend
But will it pass the server side checks for the website?
Probably not 😂
Which illustrates a lesson every website developer should know. While providing client side checks/feedback often results in a good user experience, ALWAYS do server side checking.
@@JasonWynn The server always has to validate absolutely all requests, from the body to the headers, you should not trust anything.
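The server-side checking these comments call for, as an added example that is not part of the video or of any comment: a minimal Python validator that ignores the client-supplied Content-Type, allowlists the extension, compares the file's leading bytes with that extension, and picks its own storage name. The function names, the allowlist, the size limit and the sample bodies are assumptions constructed for illustration.

```python
import os
import secrets

# Allowed extension -> leading bytes the content must start with (assumed policy).
ALLOWED = {
    ".pdf": (b"%PDF-",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
}
MAX_BYTES = 5 * 1024 * 1024  # assumed size limit


class UploadRejected(Exception):
    pass


def validate_upload(client_filename, client_content_type, data):
    """Return a server-chosen storage name, or raise UploadRejected.

    client_content_type is accepted only to show that it is ignored:
    it is a request header the sender fully controls.
    """
    if "\x00" in client_filename:
        raise UploadRejected("NUL byte in filename")
    # basename() drops any path component; only the final extension counts.
    name = os.path.basename(client_filename.replace("\\", "/"))
    ext = os.path.splitext(name)[1].lower()
    if ext not in ALLOWED:
        raise UploadRejected(f"extension {ext!r} not allowed")
    if not data or len(data) > MAX_BYTES:
        raise UploadRejected("empty or oversized body")
    # Content must match the claimed extension, whatever the headers say.
    if not data.startswith(ALLOWED[ext]):
        raise UploadRejected("content does not match extension")
    # Store under a random name so the client never controls the path.
    return secrets.token_hex(16) + ext


def check(client_filename, client_content_type, data):
    """Helper for the constructed samples below: returns (ok, detail)."""
    try:
        return True, validate_upload(client_filename, client_content_type, data)
    except UploadRejected as exc:
        return False, str(exc)


# Constructed sample bodies (not taken from the video).
PDF_BODY = b"%PDF-1.7\n%constructed sample\n"
DOCX_BODY = b"PK\x03\x04" + b"\x00" * 16  # .docx files are ZIP archives
```

A leading-bytes check is a first gate, not proof that a file is harmless; storing uploads outside any directory the web server executes from keeps a file that slips through inert.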
Zzzzzzzz... and???
To be honest in my opinion, without offending anyone or being condescending, and without triggering anyone, i just wanna say i got nothing to say