FireShell Security Team

Byte Bandits CTF - R3M3MB3R Writeup

The following page was given by the task:

Without second thoughts, it’s clear this is about an LFI so I took the straightforward approach:

The source code of eg.php had nothing useful, so I tried index.php instead and found a filter. After some unsuccessful attempts at getting the index.php source code, I decided to try other ways, like Apache’s logs.

Some hours went by and the log infection attempts were unsuccessful, because the URLs in the log files were URL encoded. Then the idea of trying to infect the log files through the User-Agent came up, via “Alisson Bezerra”. And that worked…
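For the defensive side of the behaviour described above, here is an added detection example (not code from the original writeup): it scans an Apache access log for PHP tags in the User-Agent or Referer, which are logged without percent-encoding, and for requests that reference log files. It assumes the Apache "combined" log format; the log lines, IP addresses and the `f` parameter name are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Apache "combined" format; a quoted field may contain backslash-escaped quotes.
Q = r'"(?P<%s>(?:[^"\\]|\\.)*)"'
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] ' + Q % "req"
    + r' \d{3} \S+ ' + Q % "ref" + " " + Q % "ua" + "$")

PHP_TAG = re.compile(r"<\?(?:php|=)", re.I)
LOG_REF = re.compile(r"\.\./|(?:access|error)[._]log", re.I)

def scan(lines):
    """Return [(line_number, client_ip, [reasons])] for suspicious entries."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        reasons = []
        # Header values are not percent-encoded, so a PHP tag survives intact.
        if PHP_TAG.search(m["ua"]) or PHP_TAG.search(m["ref"]):
            reasons.append("php-tag-in-header")
        # The request line is logged percent-encoded; decode before matching.
        req = unquote(m["req"])
        if PHP_TAG.search(req):
            reasons.append("php-tag-in-url")
        if LOG_REF.search(req):
            reasons.append("log-file-in-request")
        if reasons:
            hits.append((n, m["ip"], reasons))
    return hits

# Constructed sample log lines (documentation IP range, made-up parameter "f").
SAMPLE = [
    '203.0.113.5 - - [10/Apr/2018:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Apr/2018:10:01:00 +0000] "GET /index.php?f=%3C%3Fphp%20%3F%3E HTTP/1.1" 200 512 "-" "curl/7.58.0"',
    '203.0.113.9 - - [10/Apr/2018:10:02:00 +0000] "GET / HTTP/1.1" 200 512 "-" "<?php /* constructed sample */ ?>"',
    '203.0.113.9 - - [10/Apr/2018:10:03:00 +0000] "GET /index.php?f=..%2F..%2Fvar%2Flog%2Fapache2%2Faccess.log HTTP/1.1" 200 9000 "-" "curl/7.58.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A `php-tag-in-url` hit is an attempt that stays inert in the log because of the encoding, while a `php-tag-in-header` hit followed by a `log-file-in-request` hit from the same client is the sequence worth alerting on.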

© 2017 - 2018 FireShell Security Team. All rights reserved.