HTB Academy: FILE UPLOAD ATTACKS - Skills Assessments

Hi All,

Just wondering if someone could point me in the right direction - I think I’m on the cusp of finishing the task but am stuck with uploading a web shell to the final location and getting it to run.

When I navigate to the location and access the file I’ve uploaded, I get the dreaded “cannot open file as it contains errors”.

Below are the steps I’ve managed to complete:

  • Obtain the code to understand the upload process.
  • I know the location for where files are dropped.
  • Validation of both allow/block lists for extensions.
  • Validation of MIME and Content-Type.

I can get a filename through, but I’m having issues getting the file correct in order to be able to perform RCE to obtain the final flag.

Just looking for pointers if anyone can help…