How I Hacked My College (PART 3)
--
Hello everyone, this is my last part and the best one: getting RCE (Remote Code Execution). I am happy to have changed the mindset of my college to look into security, where the education department doesn't take cybersecurity seriously unless and until they are hit by cybercriminals.
To all those who are reading this story, I request everyone to take security as a major part of their life. Think twice while giving your data to anyone, no matter whether it's your college, because sometimes your data is handed to third parties to handle, and if they don't take serious steps to secure it you will be hacked easily.
Remote Code Execution — Smart but not Enough
What is Remote Code Execution?
Remote Code Execution (RCE) is one of the most dangerous classes of vulnerability. It allows an attacker to run code of their choosing on the target system remotely, over the local network or the Internet; physical access to the device is not required.
I started hunting for RCE, so I thought of uploading a PHP shell. I had found a picture-upload feature where we were supposed to upload our profile picture, and without wasting any time I created my PHP shell. To check the flow of the upload functionality, I first uploaded a normal picture and got the following request,
and my profile picture was uploaded successfully.
Now, to check whether PHP was accepted or not, I uploaded my backdoor PHP shell file,
and I received a 403 Forbidden response, which means we can't upload a PHP file.
Now I had to bypass the filters to upload the PHP shell and get RCE.
Types of filters?
Here are some common filters used by developers:
- Blacklisting
- Whitelisting
- Content-type Validation
- Content length Validation
1. Blacklisting Bypass:
Blacklisting can be bypassed by uploading a file with a less common PHP extension that the developer forgot to deny,
such as: pht, phpt, phtml, php3, php4, php5, php6. Whether one of these actually executes depends on the web server's handler configuration (for example, which extensions Apache maps to the PHP module), so each candidate has to be tested against the target.
2. Whitelisting Bypass:
Whitelisting can be bypassed by uploading a file whose name uses certain tricks, such as adding a null…