1
00:00:00,380 --> 00:00:05,890
In this video, we are going to see how we can chain multiple vulnerabilities to exploit DVWA.

2
00:00:07,000 --> 00:00:08,109
We are going to solve

3
00:00:08,109 --> 00:00:11,740
File Upload high difficulty challenge with command injection.

4
00:00:15,100 --> 00:00:19,120
First of all, go to security settings and set the difficulty to high.

5
00:00:21,520 --> 00:00:23,860
Now create an msfvenom payload.

6
00:00:26,200 --> 00:00:29,560
And start a multi handler with Metasploit.

7
00:00:34,710 --> 00:00:36,090
Now upload the file.

8
00:00:36,120 --> 00:00:38,070
The file will not be uploaded.

9
00:00:38,640 --> 00:00:41,100
We have already seen that in medium difficulty

10
00:00:41,100 --> 00:00:46,650
the server checks for file content type, and if it is not a JPEG image, it does not upload it.

11
00:00:50,340 --> 00:00:54,630
However, in high difficulty the server checks for the file type as well.

12
00:00:55,920 --> 00:01:00,120
We can bypass it by appending content-type header in the file itself.

13
00:01:00,480 --> 00:01:04,440
So add GIF89a on top of your exploit file.

14
00:01:05,410 --> 00:01:09,250
Rename your file to exploit dot php dot jpg and upload it.

15
00:01:10,250 --> 00:01:11,930
The file will be uploaded.

16
00:01:13,740 --> 00:01:17,400
Now we need to exploit some other vulnerability to make the file work.

17
00:01:18,350 --> 00:01:24,860
If we do have command injection on our target, you can use the command as shown on the screen to rename

18
00:01:24,860 --> 00:01:26,180
the file back to PHP.

19
00:01:29,710 --> 00:01:30,160
Now

20
00:01:30,160 --> 00:01:33,280
browse to the uploaded file and we will get the reverse shell.

21
00:01:36,080 --> 00:01:39,470
Now let's see the demonstration on DVWA.

22
00:01:39,770 --> 00:01:41,660
Set the security level to high.

23
00:01:42,990 --> 00:01:44,280
Go to file upload.

24
00:01:48,330 --> 00:01:52,860
Now create an msfvenom payload with the command as shown on the screen.

25
00:01:56,210 --> 00:01:58,670
Use your local IP to create the payload.

26
00:02:04,590 --> 00:02:06,120
Now try to upload it.

27
00:02:09,620 --> 00:02:12,470
And you can see that our image was not uploaded.

28
00:02:18,890 --> 00:02:25,490
We'll rename the exploit file with exploit dot jpeg to make it appear as an image.

29
00:02:29,970 --> 00:02:32,160
Now let's try to upload it again.

30
00:02:38,840 --> 00:02:41,570
However, it still doesn't get uploaded.

31
00:02:45,710 --> 00:02:48,620
Now open the contents of the file with nano.

32
00:02:52,050 --> 00:02:57,450
And add GIF89a on top of it to make it appear like an image.

33
00:03:00,800 --> 00:03:02,150
Now upload the file.

34
00:03:07,890 --> 00:03:10,440
And you can see that our file gets uploaded.

35
00:03:13,570 --> 00:03:16,630
However, if you try to navigate to it,

36
00:03:17,480 --> 00:03:19,280
you get 404 not found.

37
00:03:23,870 --> 00:03:27,590
However, if you try to open it in your browser, you get an error.

38
00:03:30,780 --> 00:03:32,730
Now let's run the multi handler.

39
00:03:35,480 --> 00:03:36,980
Run msfconsole.

40
00:03:42,730 --> 00:03:44,500
Use the exploit multi handler.

41
00:03:45,660 --> 00:03:48,630
Set your payload to PHP Meterpreter reverse TCP.

42
00:03:54,470 --> 00:03:56,360
Set your host to your local IP.

43
00:04:00,010 --> 00:04:01,030
And run it.

44
00:04:04,690 --> 00:04:07,210
Now try to open the file in the browser again.

45
00:04:13,780 --> 00:04:15,460
And we do not get any shell.

46
00:04:18,209 --> 00:04:19,200
Now let's move back to.

47
00:04:21,519 --> 00:04:22,990
Go to command injection.

48
00:04:24,770 --> 00:04:26,090
And list down the files.

49
00:04:32,370 --> 00:04:36,120
Now rename the uploaded file back to exploit dot PHP.

50
00:04:43,450 --> 00:04:45,910
And you can see that we have renamed the file.

51
00:04:50,610 --> 00:04:52,410
So try to open the file again.

52
00:04:58,280 --> 00:05:01,400
And you can see that we get the reverse Meterpreter shell.

53
00:05:06,070 --> 00:05:10,570
So in this manner we can chain multiple vulnerabilities to exploit our target.