
https://github.com/lukedschenk/hackinos-file-upload-finder

Just a place to keep a neat piece of code I made in order to assist in rooting the HackInOS machine on Vulnhub.

brute-force bruteforce ctf ctf-solutions ctf-tools hacking hackinos-machine hashing hashlib http http-requests pentesting python python-requests python3 reverse-shell vulnhub


# HackInOS-File-Upload-Finder
Just a place to keep a neat piece of code I made in order to assist in rooting the HackInOS machine on Vulnhub.

## What is this?
In the CTF Vulnhub machine known as "HackInOS," at some point you may come across a place where you can upload files. In this case, I used this to upload a PHP reverse shell onto the VM's web server. Upon inspection of the HTML source code, you are able to find a link to a PHP file responsible for uploading the files to the web server. Long story short yada yada, I analyzed the code and found out where the uploaded files were being stored. (Long story short) The files were being stored based on hash combinations of the filename and a number between 1-100. I then wrote this script to brute force the URL of the uploaded PHP reverse shell file.

## Why am I uploading this?
Mainly just as a place to keep it for future reference, but also in hopes that someone else interested in CTF, or HTTP requests in Python, or hashing in Python, or really just anyone who is interested in this at all may find it. It is not a bad script to look at for anyone who has never tried doing `GET` requests in Python before.

I hope you find this code useful or interesting. Thanks!