THM Upload Vulnerabilities -- Bypassing Server-Side Filters
Server-Side Filtering: File Extensions
Go to annex.uploadvulns.thm
Try to upload the reverse shell script with various file extensions.
.png works
.php doesn't
.phtml doesn't
.php3 doesn't
.php4 doesn't
.php5 works! Upload the script with the .php5 file extension (the blocklist names some PHP extensions but not this one, and the server still executes it)
Make sure netcat is listening: nc -lvnp 1234
Run gobuster to find where the file could be stored
Find the directory, run the script, use the shell, find the flag
Server-Side Filtering: Magic Numbers
Go to magic.uploadvulns.thm
Enumerate what file types work and what types don't.
Search online for the magic number for the file type that works
Use the Linux file command to check the type of our payload file
Edit the file and prepend as many placeholder characters as the target magic number has bytes, so the header can be overwritten without shifting the rest of the file
Open the file in hex editor, change the first bytes to the target magic number.
Recheck file type to make sure it worked
Upload file successfully
Open netcat listener
Run gobuster to find the directory name where the file could be located
Find the directory, run the script, use the shell, find the flag.
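Both rooms above rely on the same two server-side weaknesses: an extension blocklist that misses an executable extension (.php5), and a magic-number check that only inspects the first few bytes. The following Python is an added example, not code from the TryHackMe room or its application; it models the two weak filters the rooms describe, then shows a stricter validator that allowlists extensions, requires the magic number to match the allowlisted extension, applies a defence-in-depth scan for script markers, and stores the file under a server-generated name. The filenames, the placeholder "script" bytes and the MAGIC table are constructed for the example.

```python
"""Added example (not part of the TryHackMe room): why an extension blocklist
and a bare magic-number check each let an uploaded script through, and what a
stricter upload validator looks like.  All inputs below are constructed."""
import os
import secrets

# Blocklist modelled on the annex challenge behaviour: it names a few PHP
# extensions but not every one the web server is configured to execute.
BLOCKED_EXTENSIONS = {".php", ".phtml", ".php3", ".php4"}

# Allowlist: only the image types this (hypothetical) application needs.
ALLOWED_EXTENSIONS = {".png", ".jpg", ".jpeg", ".gif"}

# Well-known file signatures (magic numbers) for the allowlisted types.
MAGIC = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".gif": b"GIF8",
}

# Stand-in for an uploaded server-side script; deliberately a harmless
# placeholder rather than a real payload.
SCRIPT = b"<?php /* placeholder for an uploaded script */ ?>"


def extension_of(filename: str) -> str:
    """Return the lower-cased final extension, including the dot."""
    return os.path.splitext(filename)[1].lower()


def weak_extension_filter(filename: str) -> bool:
    """Blocklist filter as in the annex room: passes anything not explicitly named."""
    return extension_of(filename) not in BLOCKED_EXTENSIONS


def weak_magic_filter(data: bytes) -> bool:
    """Magic-number filter as in the magic room: passes if any known signature
    appears at offset 0, regardless of what follows or what the name says."""
    return any(data.startswith(sig) for sig in MAGIC.values())


def strict_validate(filename: str, data: bytes) -> tuple[bool, str]:
    """Stricter validator: allowlist the extension, require the signature that
    belongs to *that* extension, and reject obvious script markers in the body.
    The marker scan is a defence-in-depth heuristic, not a complete parser;
    the real control is never executing files from the upload directory."""
    ext = extension_of(filename)
    if ext not in ALLOWED_EXTENSIONS:
        return False, "extension not allowlisted"
    if not data.startswith(MAGIC[ext]):
        return False, "magic number does not match extension"
    if b"<?php" in data or b"<?=" in data:
        return False, "script marker found in image data"
    return True, "ok"


def safe_storage_name(ext: str) -> str:
    """Server-generated storage name: the client-chosen name is never used on
    disk, so a stored file cannot be located by guessing its original name."""
    return secrets.token_hex(16) + ext


if __name__ == "__main__":
    # Extension section: the blocklist lets .php5 through, the allowlist does not.
    print("blocklist  shell.php5 ->", weak_extension_filter("shell.php5"))
    print("allowlist  shell.php5 ->", strict_validate("shell.php5", SCRIPT))
    # Magic-number section: a PNG header glued onto script content satisfies
    # the weak check but not the strict one.
    png_then_script = MAGIC[".png"] + SCRIPT
    print("weak magic image.png ->", weak_magic_filter(png_then_script))
    print("strict     image.png ->", strict_validate("image.png", png_then_script))
    print("stored as ->", safe_storage_name(".png"))
```

The two weak functions reproduce exactly the gaps the rooms exploit: `weak_extension_filter` returns True for `.php5` because blocklists can only name what their author remembered, and `weak_magic_filter` returns True for a file whose first eight bytes were patched in a hex editor. `strict_validate` closes both gaps by deciding from the allowlist and by tying the expected signature to the extension that was actually supplied.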