<h3 id="go-to-overwritevulnsthm">Go to overwrite.vulns.thm</h3>
<h4 id="look-at-the-source-code">Look at the source code</h4>
<p>Find an image file ~&gt; mountains.jpg<br /></p>
<h4 id="rename-file-to-be-uploaded-to-mountainsjpglessbrgreater">Rename file to be uploaded to "mountains.jpg"<br /></h4>
<p>Upload file, get flag<br /></p>
<h3 id="go-to-shelluploadvulnsthm">Go to shell.uploadvulns.thm</h3>
<h4 id="download-pentesting-monkeys-php-reverse-shell-scriptlessbrgreater">Download Pentesting Monkey's PHP reverse shell script<br /></h4>
<p>Put in IP address of listener<br />
Start Netcat listener<br /></p>
<h3 id="run-a-gobuster-scan-on-overwritevulnsthmlessbrgreater">Run a Gobuster scan on overwrite.vulns.thm<br /></h3>
<h4 id="find-resources-lessbrgreater">Find /resources/ <br /></h4>
<p>Go to overwrite.uploadvulns.thm<br />
Upload the reverse shell script<br /></p>
<h4 id="go-to-overwriteuploadvulnsthmresourcesphpreverseshellphp-or-whatever-the-file-name-islessbrgreater">Go to overwrite.uploadvulns.thm/resources/phpreverseshell.php (or whatever the file name is)<br /></h4>
<p>See error on webpage, check Netcat<br /></p>
<h4 id="weve-got-a-shell">We've got a shell!</h4>
<p>Check whoami ~&gt; www-data <br />
<code>ls -l /var/www/</code><br />
<code>cat flag.txt</code></p>


### Go to overwrite.vulns.thm
#### Look at the source code
Find an image file ~> mountains.jpg<br>
#### Rename file to be uploaded to "mountains.jpg"<br>
Upload file, get flag<br>

### Go to shell.uploadvulns.thm
#### Download Pentesting Monkey's PHP reverse shell script<br>
Put in IP address of listener<br>
Start Netcat listener<br>

### Run a Gobuster scan on overwrite.vulns.thm<br>
#### Find /resources/ <br>
Go to overwrite.uploadvulns.thm<br>
Upload the reverse shell script<br>

#### Go to overwrite.uploadvulns.thm/resources/phpreverseshell.php (or whatever the file name is)<br>
See error on webpage, check Netcat<br>

#### We've got a shell!
Check whoami ~> www-data <br>
```ls -l /var/www/```<br>
```cat flag.txt```



epikoeni

epikoeni

THM Upload Vulnerabilites -- Overwriting Existing Files and Remote Code Execution

Go to overwrite.vulns.thm

Look at the source code

Rename file to be uploaded to "mountains.jpg"

Go to shell.uploadvulns.thm

Download Pentesting Monkey's PHP reverse shell script

Run a Gobuster scan on overwrite.vulns.thm

Find /resources/

Go to overwrite.uploadvulns.thm/resources/phpreverseshell.php (or whatever the file name is)

We've got a shell!