HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 32 guests online
 
Advertisement

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Web Applicationsarrow help needed in retrieving the uploaded shell
EH-Net
May 19, 2013, 01:44:29 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: help needed in retrieving the uploaded shell  (Read 3028 times)
0 Members and 1 Guest are viewing this topic.
manoj9372
Jr. Member
**
Offline Offline

Posts: 72


View Profile
« on: August 26, 2011, 02:10:07 AM »
hi guys,
I have been learning some basic web-application exploitation these days,
today i have been trying the basic exploitation

 i.e exploiting arbitrary file uploads

i have been practicing this on my friends
 jsp web-site running  with Apache-Coyote/1.1...,

i had successfully uploaded the shell  with a file name like this
Code:
commander.jsp.%%.jpeg

but while i tried to retrieve the shell after uploading i am getting error like this

Code:
The image "http://target.com/state/userregistrationimages/previewtemp/photo-1314340617178.jpg" can not be displayed,because it contains errors

Also the web-server supports the following http methods "GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS"

when i check with some tools ...

I would like to retrieve my uploaded shell,

is it possible to do that ?

Any suggestions/advice please?
« Last Edit: August 26, 2011, 03:28:08 AM by manoj9372 » Logged
ajohnson
Recruiters
Hero Member
*
Offline Offline

Posts: 1057


aka dynamik


View Profile WWW
« Reply #1 on: August 31, 2011, 08:10:26 AM »
If the application is renaming what you upload to <random number>.jpg, the web server isn't going to execute that as a .jsp file.

Also, Metasploit has a module for working with those unsafe HTTP methods: http://www.metasploit.com/modules/auxiliary/scanner/http/writable
Logged
WIP: GCFA | www.infosiege.net | @infosiege

The day you stop learning is the day you start becoming obsolete.
manoj9372
Jr. Member
**
Offline Offline

Posts: 72


View Profile
« Reply #2 on: September 03, 2011, 05:24:04 AM »
Code:
If the application is renaming what you upload to <random number>.jpg, the web server isn't going to execute that as a .jsp file.

Also, Metasploit has a module for working with those unsafe HTTP methods: http://www.metasploit.com/modules/auxiliary/scanner/http/writable

Thanks "dynamik" i got your point,so even if we upload the file like evil.jsp.%%.jpg,it wont get executed as jsp file,so there is no point of bypassing the filters it seems.
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.068 seconds with 23 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Free Business and Tech Magazines and eBooks

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.