Step by Step Hacking Website : Null Byte - Picture Upload

This continues my series on step-by-step website hacking. After discussing SQL injection, XSS cookie stealers, cookie manipulation and RFI, we will now discuss the null byte. First of all, what is a ‘null byte’? A null character/null byte/null terminator is a character with a value of zero that appears in the ASCII charset. In programming languages (PHP included) the null byte is used as what is known as a ‘string terminator’.

When the null byte is read, the string ends. The null byte is represented with ‘%00’ in PHP. We are able to harness the ‘power’ of the null byte to trick a picture upload form into letting us upload our own PHP shell. There are a lot of websites with image uploading features, so they are not hard to find. You can use the Google dork: “Upload Image” to find some of them.

 

Now that we have a target we are able to start exploiting. Go to your target’s upload page, click the ‘Browse’ button and navigate to a PHP shell. Just for the sake of proof of concept, try to upload this file normally. You will get an error such as:

“We’re sorry, but the file you entered is using an extension that is not alloud. Images only please!”

We see from this that only images are supported, and a regular PHP shell will not work. Let’s browse to our shell again, but this time we will change the upload bar to look like this, adding in the null byte character:

C:\c99.php%00.jpg

When the script checks our file, it looks at the end of the full name, sees the .jpg and ‘says’ “Yep, looks like an image to me” and uploads it. Fortunately for us, when the file is actually uploaded it is uploaded with the .php extension because the null byte terminates anything after that. If it worked we will see:

“Thank you for uploading your pictures - view your file at /c99.php”

And you’re done. This post will have two sections: the first is about null byte picture upload and the second will be on exploiting CGI files using the null byte, so keep reading my articles.
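The extension check described above fails because it trusts the client-supplied name. The following is an added example, not code from the original post, showing that weak check beside a hardened one; the function names are hypothetical and it assumes PHP 7.1+ with the fileinfo extension.

```php
<?php
// Added example; naive_is_image() and safe_image_name() are hypothetical names.
const ALLOWED = ['jpg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif'];

// The weak check from the article: it only looks at the end of the client string.
function naive_is_image(string $clientName): bool
{
    return (bool) preg_match('/\.(jpe?g|png|gif)$/i', $clientName);
}

// Returns a server-generated file name, or null if the upload is rejected.
function safe_image_name(string $clientName, string $tmpPath): ?string
{
    // 1. Reject NUL (raw or still URL-encoded) and any other control byte.
    if (preg_match('/[\x00-\x1f\x7f]|%00/i', $clientName)) {
        return null;
    }
    // 2. Allowlist the extension, taken from the base name only.
    $ext = strtolower(pathinfo(basename($clientName), PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        return null;
    }
    // 3. Check the content, not just the name: the sniffed MIME type must match.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime !== ALLOWED[$ext]) {
        return null;
    }
    // 4. Never reuse the client's name on disk; store under a random name.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample input: a 1x1 GIF header in a temp file stands in for
// $_FILES['picture']['tmp_name']; the names stand in for $_FILES['picture']['name'].
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, "GIF89a\x01\x00\x01\x00\x00\x00\x00;");
foreach (["photo.gif", "c99.php\0.jpg", "c99.php%00.jpg", "c99.php"] as $name) {
    printf("%-18s naive=%-5s hardened=%s\n", addcslashes($name, "\0"),
        var_export(naive_is_image($name), true),
        safe_image_name($name, $tmp) ?? 'REJECTED');
}
unlink($tmp);
```

PHP 5.3.4 and later refuse paths containing a NUL byte in filesystem functions, but the allowlist, content check and server-generated name are still needed, and stored uploads belong in a directory where PHP execution is disabled.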

 

 



3 Comments

  1. Posted July 3, 2008 at 11:07 am | Permalink

    Hello
    Is there anybody in the world that can hack this web site
    http://www.iaut.ac.ir
    I need administrator pass to change the website (this is Iranian website)
    please help me to hack this web site. :roll: :twisted:

  2. Posted August 5, 2008 at 12:51 pm | Permalink

    You have a great blog with great info. Thank you for sharing this.

  3. erick benard
    Posted October 9, 2008 at 10:10 pm | Permalink

    Dear sir,
    I’m erick and I want to know how to hack web php,
    could you tell more details.

    thanks
