6 Videos for API to Shell

Tier: PRO
Difficulty: Hard
Time: 2-4 Hrs.
Users completed: 3447
Access to videos for this exercise is only available with PentesterLab PRO
API TO SHELL: Introduction

In this video, we explore the functionalities of the API to Shell application, including actions like Register, Login, List of files, Retrieve a file, and Upload a file. We also demonstrate how to use curl with an HTTP proxy and Burp to interact with the API.

Duration: 03:23 | Views: 8195

 

PHP comparisons

In this video, we delve into the differences between strict and loose comparisons in PHP. You'll learn how these comparison methods can yield different results when comparing integers and strings, and why understanding this distinction is crucial for secure coding.

Duration: 02:04 | Views: 5749

 

Signature bypass

In this module, we explore how to bypass digital signature checks by exploiting loose comparison vulnerabilities in web applications. We'll demonstrate how to manipulate request parameters to retrieve arbitrary files from the server.

Duration: 05:43 | Views: 6475

 

Recovering the source code

In this video, we explore how to recover the source code of an application to perform a security audit and identify vulnerabilities. By retrieving and analyzing key files, we aim to achieve code execution on the server.

Duration: 05:39 | Views: 6737

 

Code review

In this video, we delve into the process of conducting a code review on a PHP application. We uncover various aspects of the application's authentication mechanism, specifically focusing on tokenization and serialization vulnerabilities.

Duration: 07:11 | Views: 6051

 

Exploitation of unserialize

In this video, we explore the exploitation of PHP's unserialize function. By sending a malicious serialized object, we can create a file with arbitrary content on the server, leading to potential code execution.

Duration: 08:31 | Views: 7923