Python Web Hacking: File Upload Remote Code Execution | Natas: OverTheWire (Level 12)
HTML-код
- Опубликовано: 21 сен 2024
- If you would like to support me, please like, comment & subscribe, and check me out on Patreon: / johnhammond010
E-mail: johnhammond010@gmail.com
PayPal: paypal.me/johnh...
GitHub: github.com/Joh...
Site: www.johnhammond...
Twitter: / _johnhammond
dude, why don't you put a seperate video of how you use sublime this fast and explain some commands ...?
Thank you for making this video. This was really cool!
Great work, I realy got it, thank you for your videos)
You couldn't upload file becuase size was exceeded, there was max 1KB your unreal.jpg had 30KB
Good catch, thanks so much for watching!
Hi, thank you for the vid. I have a question:
Why does their server execute the php file? Like I dont understand why it would execute it.
Thanks for watching!
Well if PHP is installed, it will process anything that Apache (or whatever webserver software) serves with a .php extension. You can change this to other extensions if you want -- but that is just the norm. Anything noted as ".php", it will be considered PHP code and it will run it.
John Hammond Yeah ok so I think I understand..
Every request for .php files will be given to the php app which then sends back the response to the Apache (for instance) server which then sends back the response to the client?
@@iYankrozHD Sounds like you've got it!
Is it possible to exploit the filename parameter to print the password, instead of exploiting file upload?
I got all the way here without needing a video lol
Hell yeah, congrats!!
Isnt their an easier way to do this like burpsuite? I like the explanation but I've actually passed this level like last week just dont remember what I did
You could do this with Burpsuite, yes -- I just liked to use Python so you learn how to automate it, so if you do some more complex web attacks, you know how to script it and can learn more from it. You could do this with curl if you wanted to -- just a matter of what tool you like to use for the job.
ruclips.net/video/08ynVPgydLI/видео.html I guess this will help u if u are looking for the burpsuite solution