OSCP + CTF
  • Windows Privilege Escalation
  • Most Important Links
  • Tooling
    • Apache
    • Windows Basic Recon
    • Find
    • Recon
    • DNS
    • Socat
    • Fave sql Injection
    • Xterm setup
    • Powershell Shells
    • Powershell General Info
    • Powercat
    • Fucking SMB
    • Fucking LDAP
    • Tunneling + Pivoting
      • Chisel
    • Powershell
  • Web CTF
  • General Helpful Links
  • Music OBVI
  • MySQL Privilege Escalation
  • sudo -l
  • phpMyAdmin
  • Squid 🦑
  • OSCP Labs
    • Assembling The Pieces
    • 10.11.1.101
    • 10.11.1.14
    • 10.11.1.141
    • 10.11.1.252
    • 1011.1.35
    • 10.11.1.237
    • 10.11.1.71
    • 10.11.1.50
  • HTB
    • Agile
  • OSCP Proving Grounds
    • Template
    • Authby
    • Nibbles
    • Fail
    • CTF1
Powered by GitBook
On this page

Was this helpful?

  1. Tooling

Apache

Apache

Following this excellent article on ways to bypass upload vulnerabilities

https://thibaud-robin.fr/articles/bypass-filter-upload/

We can craft a .htaccess file to bypass uplaods:

└─$ cat .htaccess AddType application/x-httpd-php .dork

This creates an entry for the upload directory with a new, custom filetype under the name `.dork`

Now we should be able to upload a shell with a .dork extension and be able to run PHP on the web server!

Last updated 9 months ago

Was this helpful?