Lessons Learned
Usage of Enumeration Tools
I actually got stuck on this box because of my enumeration step. Apparently my enumeration using dirsearch was not thorough enough, which caused me to miss the "/rename" directory. This means I might have to try using different enumeration tools to ensure that I do not miss any details that might lead to exploitation.
Bypassing File Type Checks
Whenever there is file upload functionality on a web server, it seems like an easy win to get a user shell. But in some cases, the server checks the file type before allowing the file to be uploaded. From this box, I have learned that to bypass such checks we can attempt to modify the request that is sent to the server. By changing different parameters, we can find out whether the server is checking a certain parameter or the file extension itself. If we can identify the parameter, we can abuse it to deceive the server and upload any file we want.
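Seen from the server side, the bypass described above works whenever the check relies on a value the client sets. The following is an added example, not code from this box or the original write-up; the function names and sample uploads are constructed for illustration. It contrasts a check that trusts the Content-Type header with one that validates the extension and leading bytes and chooses its own storage name:

```python
import os
import secrets

# Allowlist: extension -> magic-byte prefixes that real files of that type start with.
ALLOWED = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}


def weak_check(filename, content_type, data):
    """Weak: accepts anything whose client-supplied Content-Type says image."""
    return content_type.startswith("image/")


def hardened_check(filename, content_type, data):
    """Return a server-chosen storage name, or None if the upload is rejected.

    content_type is deliberately ignored because the client controls it.
    """
    base = os.path.basename(filename.replace("\\", "/"))
    if "\x00" in base or base.count(".") != 1:
        return None  # null byte, or a double extension such as name.php.png
    ext = os.path.splitext(base)[1].lower()
    magics = ALLOWED.get(ext)
    if magics is None or not data.startswith(magics):
        return None  # extension not allowlisted, or content does not match it
    # Never reuse the client's name: store under a random name with the
    # validated extension, ideally in a directory that is not executable.
    return secrets.token_hex(16) + ext


# Constructed sample uploads: (filename, client Content-Type, body)
SAMPLES = [
    ("photo.png", "image/png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 8),
    ("script.php", "image/png", b"plain text, not an image"),
    ("script.php.png", "image/png", b"plain text, not an image"),
    ("script.png", "image/png", b"plain text, not an image"),
]

if __name__ == "__main__":
    for name, ctype, body in SAMPLES:
        print(name, weak_check(name, ctype, body), hardened_check(name, ctype, body))
```

Magic bytes alone can still be prepended to non-image content, which is why the hardened check also pins the stored extension and name instead of keeping the uploaded one.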