- Author Description
- Level 1
- Level 2
- Level 3
Welcome to the ZorZ VM Challenge
This machine will probably test your web app skills once again. There are 3 different pages that should be focused on (you will see!) If you solve one or all three pages, please send me an email and quick write up on how you solved each challenge. Your goal is to successfully upload a webshell or malicious file to the server. If you can execute system commands on this box, thats good enough!!! I hope you have fun!
Apache httpd 2.4.7 ((Ubuntu))
Enumeration of port 80, discovered
The web application has no filter protection, so uploading a PHP shell is possible.
PHP Shell Upload:
/uploads2 was previously disclosed by Dirbuster,
/uploads1 was discovered manually (logical guess).
Level 1 complete.
The initial attempt to upload the previous shell failed with the error message:
Several attempts were then made to upload shells with various extensions such as
shell.php.png etc to bypass the web application filtering, all attempts to bypassed the filtering failed.
Burp Suite - PHP Shell Injection in an Image file
It was apparent the web application had a mechanism for image file validation, several attempts were made to inject the php shell code into the image file. The solution was to inject the code at the end of the image data.
The file extension also needed modifying to
.php.jpg, this appeared to force the web server to process the file, likely due to poorly configured Apache MIME types.
Image uploaded successfully.
Execution of image from
Level 2 complete.
Level 3 was beaten simply by renaming the php reverse shell to
php-reverse-shell.php.png, this was enough to bypass the filtering.
An alternative solution would of been to use burp to upload the file + change the content type.
Level 3 complete.
Thanks for the VM :)