NS3 | Network Security Series
kurtnettle1 min read
Problem Statement
Knowing the directory where files uploaded are stored is important
for reinforcing defenses against unauthorized access.
Which directory is used by the website to store the uploaded files?
Flag Format: BUBT{///}
network_artifacts.pcapng
Prerequisites
- Wireshark (basic use of filters, following HTTP/TCP streams, viewing responses)
Solution
From the previous problem NS2, I you notice you will see that the attacker is trying different paths (/admin/uploads, /uploads, /admin/, /reviews/uploads/)
I manually checked the responses for each path he tried and found a valid path that listed the file he uploaded.
Credits
Hashnode - for the amazing platform
BUBT - for the workshop
0
Subscribe to my newsletter
Read articles from kurtnettle directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by