Create Next App

TryHackMe - Bypass Disable Functions

File upload vulnerability occurs in web applications where there is the possibility of uploading a file without being checked by a security system that curbs potential dangers. It allows an attacker to upload files with code (scripts such as .php, .aspx and more) and run them on the same server. Among the typically applied measures is disabling dangerous functions that could execute operating system commands or start processes. Functions such as system() or shell_exec() are often disabled through PHP directives defined in the php.ini configuration file. Other functions, perhaps less known as dl() (which allows you to load a PHP extension dynamically), can go unnoticed by the system administrator and not be disabled. The usual thing in an intrusion test is to list which functions are enabled in case any have been forgotten. One of the easiest techniques to implement and not very widespread is to abuse the mail() and putenv() functionalities. This technique is not new, it was already reported to PHP in 2008 by gat3way, but it still works to this day. Through the putenv() function, we can modify the environment variables, allowing us to assign the value we want to the variable LD_PRELOAD. Roughly LD_PRELOAD will allow us to pre-load a .so library before the rest of the libraries, so that if a program uses a function of a library (libc.so for example), it will execute the one in our library instead of the one it should. In this way, we can hijack or "hook" functions, modifying their behaviour at will.

TryHackMe - Overpass

What happens when a group of broke Computer Science students try to make a password manager? Obviously a perfect commercial success! Overpass is an OWASP top 10 vulnerability Broken Authentication ( Identification and Authentication Failures ). For more information refer to: https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/

TryHackMe - Pickle Rick

This Rick and Morty-themed challenge requires you to exploit a web server and find three ingredients to help Rick make his potion and transform himself back into a human from a pickle.