Bypassing File Upload Restriction using Magic Bytes

By /

Listen to this Post

In cybersecurity, bypassing file upload restrictions is a common technique used during penetration testing. One method involves using “magic bytes,” which are the first few bytes of a file that identify its type. For example, a JPEG file’s magic bytes are FF D8 FF E0. By adding these bytes to the beginning of another file (e.g., an HTML file), you can trick the system into treating it as a JPEG, bypassing upload restrictions.

You Should Know:

Here are some practical commands and techniques related to this method:

1. Adding Magic Bytes to a File:

Use `echo` or a hex editor to add magic bytes to a file.

echo -ne '\xFF\xD8\xFF\xE0' > fake_image.jpg
cat original.html >> fake_image.jpg

2. Checking File Type:

Use the `file` command to verify the file type.

file fake_image.jpg

3. Hex Dump Analysis:

Use `xxd` to view the hex dump of a file.

xxd fake_image.jpg | head

4. Bypassing Upload Restrictions:

Test the file upload functionality on a target system to see if it accepts the modified file.

5. Linux Command to Extract Magic Bytes:

Use `dd` to extract the first few bytes of a file.

dd if=real_image.jpg bs=1 count=4 | hexdump -C

6. Windows Command to Check File Signature:

Use PowerShell to check the file signature.

Get-Content -Encoding Byte -TotalCount 4 fake_image.jpg | Format-Hex

7. Automating Magic Byte Injection:

Write a Python script to automate the process.

with open('fake_image.jpg', 'wb') as f:
f.write(b'\xFF\xD8\xFF\xE0')
with open('original.html', 'rb') as h:
f.write(h.read())

What Undercode Say:

Bypassing file upload restrictions using magic bytes is a powerful technique in penetration testing. It highlights the importance of proper file validation on the server side. Always ensure that your systems validate both the file extension and the file content to prevent such exploits. Here are some additional commands to secure your systems:

  • Linux Command to Validate File Type:
    if file upload | grep -q "JPEG"; then echo "Valid JPEG"; else echo "Invalid File"; fi

  • Windows Command to Restrict File Uploads:

    Get-ChildItem -Path "C:\Uploads" | Where-Object { $_.Extension -notin @(".jpg", ".jpeg") } | Remove-Item

  • Linux Command to Monitor Uploads:

    inotifywait -m -e create /path/to/upload | while read path action file; do file "$path$file"; done

For further reading, check out this article on File Upload Vulnerabilities. Stay secure and always validate your inputs!

References:

Reported By: Zlatanh Bypassing – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

Join Our Cyber World:

Whatsapp
TelegramFeatured Image

Related Posts: