Hacking Websites by Uploading files (With symlinks)
Рет қаралды 16,780
Күн бұрынIn this video, I show you how symlinks can be used to read arbitrary files on a web server.
DISCLAIMER: This video is intended only for educational purposes.
The experiments in this video are performed in a controlled
lab setup and not on a live target. The content is purely
from a penetration testing perspective. I do not
condone or encourage any illegal activities.
The web application in the video supports a file upload functionality where users can upload zip files. When we create a zip file that has a symlink in it which is pointing to an arbitrary file on the server, we are able to read the file pointed by the symlink. In this way we can read any file on the server which can be read by the web server user account (www-data). This can be used to read sensitive files like private keys, bash history, and even apache configuration files. We can leverage this vulnerability to read environment variables that the website is using and find interesting information like Database credentials, tokens, secret strings which we can further use to gain access to various services like ftp, ssh, database, etc.
These kinds of vulnerabilities with symlinks have been exploited many times in the wild. One of the finest example is this GitLab vulnerability where the researcher received a $29,000 bug bounty: hackerone.com/...
Thanks for watching!
SUBSCRIBE for more videos!
Join my Discord: / discord
Follow me on Instagram: / teja.techraj
Website: techraj156.com
Blog: blog.techraj15...
@SteveBClark 11 ай бұрын
The GOAT is back....❤
@ReligionAndMaterialismDebunked 10 ай бұрын
:3 I wonder if this can be used on my bug bounty targets. Also, I'm wondering how many Iranian, Lebanon, Saudi Arabian, North Korea, China, and other sites of terrorist, and dictatorship nations I get can into. 😅🥰🤑😋🤤 Great Indian hacker video. English. :3 😅 Shalom. Namaste.
@raoulduke8064 11 ай бұрын
yeees new video! GOAT is back
@_SebJ1000 11 ай бұрын
It's intresting to learn that they place the password in an environment variable, wonder if most devs encrypt it as well. As that might be the slightest bit more secure.
@divyam847 11 ай бұрын
glad that you're back :)
@anudeepkalyadapu1657 8 ай бұрын
What a video ! Looking forward for such videos man! Keep it up
@TejaRavipudi 10 ай бұрын
big fan. happy that you are back.
@TheAKAnonymous 10 ай бұрын
a suggestion, maybe you should try different titles something special surprising to be able to get more views adding curiosity to new students i mean we are technical student we understand your titles but new students might not and last thing as always this was a awesome video your's TheAKAnonymous
@dishusharma7881 10 ай бұрын
Where did you learn to pronounce environment as enveeronment? I am curious.
@manishneupane6070 11 ай бұрын
Wow, great video. Thank you for making
@jesusdacoast872 Ай бұрын
Very informative, thanks.
@HackingBinaries-dt2fh 10 ай бұрын
Love you man, just subscribed
@mindlesstelevision3213 11 ай бұрын
Good to see you Back ❤️♥️
@user-eh5zv6xl1t 2 ай бұрын
Good content Man.
@rajeevpuri8319 9 ай бұрын
thank you Sir , for this easy to understandable video for a noob like me.🙏🙏
@schooldropout1337 11 ай бұрын
Is finding a way to upload files without following the usual restrictions considered a security problem? Yes, bypassing file upload restrictions is a security vulnerability because it can potentially allow malicious files to be uploaded to a system, which can lead to various security risks and issues.
@x_ankur 11 ай бұрын
How to do that
@schooldropout1337 11 ай бұрын
@@x_ankur bro raj will provide an exclusive demo for that scenario 🤠
@ReligionAndMaterialismDebunked 10 ай бұрын
Thanks for the donation, and question, brother! 🤝🤑☺️
@ReligionAndMaterialismDebunked 10 ай бұрын
:3 I wonder if this can be used on my bug bounty targets. Also, I'm wondering how many Iranian, Lebanon, Saudi Arabian, North Korea, China, and other sites of terrorist, and dictatorship nations I get can into. 😅🥰🤑😋🤤 Great Indian hacker video. English. :3 😅 Shalom. Namaste.
@st.john_one 10 ай бұрын
pretty informative and cool, thanks
@Nin_Cada 11 ай бұрын
So what is the counter of it? How to not let the hackers get access to the filesystem using symlincks?
@ClashWithHuzefa 10 ай бұрын
Check whether if it is a symlink file or not, and don't let the Web server read, access directories, or file outside the Web root. If you are using php, there is a function is_link() to check whether its a symbolic link file or not
@Nin_Cada 10 ай бұрын
@@ClashWithHuzefa i see.. So, couple of rules for the webserver should do the trick. Thanks ✨
@ClashWithHuzefa 10 ай бұрын
@AkeaNine welcome buddy
@scorpionisready Ай бұрын
Informative ❤️
@prudhvikonakalla9605 10 ай бұрын
Raj-"kingu kingu"
@lnstagrarm 11 ай бұрын
More unique python projects please
@SankalpaBaral1337 10 ай бұрын
Brother do you remember you used to create challenges (like CTF)? Please make those types of videos again.
@monsterzero6928 10 ай бұрын
Can you please make a video on burpsuite how to inject files on servers by changing the file extension and injecting a backdoor with that
@pinged69 8 ай бұрын
Does this affect sites that do not do anything with the file, just purely serve it? I have a pretty basic file hosting service thats public, do I need to somehow worry about this? Symlinks are not something that can be POSTed over HTTPS, right?
@TechnicalHeavenSM 10 ай бұрын
😍😍😍.. You are back❤❤
@SwineTech 10 ай бұрын
Daemon, a program that runs in the background, anyone noticed the daemon
@montala3380 6 ай бұрын
Hi brother, the symlink is only work when target site use ZIP/ TAR. How about normal upload file? can I upload that symlink file to retrieve the content?
@gowthamreddysomala 10 ай бұрын
Anna nee Videos Kosam Wait Chastunnam ..
@x_ankur 11 ай бұрын
THAT WAS CRAZYYYYYY BRUHHHHH 🔥🔥🔥🔥🔥❤❤❤❤
@sagarhp2350 11 ай бұрын
He's back.. 🤩
@anuzravat 9 ай бұрын
is there some related article for this symlink vuln, u would like to recommend
@Si6n9ne 8 ай бұрын
where to get this source file of the one you doing right now,
@Si6n9ne 8 ай бұрын
Is there any way to recreate this vulnerability, I wanna try and test it out If yes someone point me to it please
@rishi8413 11 ай бұрын
love the explaination
@nemizy 10 ай бұрын
you went to traversal attack method lol
@Topfive_realestate 11 ай бұрын
Love you bro 💪💪
@jimmlmao 11 ай бұрын
thats actually genius
@evilspidy6924 11 ай бұрын
Is this exploit have any number like cve-#####
@TheAKAnonymous 10 ай бұрын
so late to watch your video
@usningame5177 11 ай бұрын
Do you provide. Course
@Faysalauchan 3 ай бұрын
😮😮 so amazing
@shahzansid 10 ай бұрын
❤
@mahesharyatech 11 ай бұрын
Any Issues With Users ?
@ClashWithHuzefa 10 ай бұрын
Amazing
@ReligionAndMaterialismDebunked 10 ай бұрын
:3 I wonder if this can be used on my bug bounty targets. Also, I'm wondering how many Iranian, Lebanon, Saudi Arabian, North Korea, China, and other sites of terrorist, and dictatorship nations I get can into. 😅🥰🤑😋🤤 Great Indian hacker video. English. :3 😅 Shalom. Namaste.
@khushipardeshi3114 4 ай бұрын
Hua kisi se actually hack??
@JohnDoe-xp9rd 11 ай бұрын
Cool
@vicmacarra 11 ай бұрын
Lel, interesting
@IDK_911 10 ай бұрын
just upload webshell
@sbh3612 9 ай бұрын
❤
@localh0ste 11 ай бұрын
❤
@PlayerOne69 11 ай бұрын
❤
@pavansasank 11 ай бұрын
❤
Anastasyia Prichinina. Actress. Cosplayer.
Рет қаралды 16 МЛН
thehackerish
Рет қаралды 243 М.
Anastasyia Prichinina. Actress. Cosplayer.
Рет қаралды 16 МЛН