Tuesday, April 10, 2018

Byte Bandits CTF - R3M3MB3R Writeup

by Guilherme "k33r0k" Assmann

The following page was given by the task:

Without second thoughts, it’s clear this is about an LFI so I took the straightforward approach:

The source code of eg.php had nothing useful, so I tried index.php instead and found a filter. After some unsuccessful attempts at getting the index.php source code, I decided to try other ways, like Apache’s logs.

Some hours went by and the log infection attempts were unsuccessful, because the URLs in the log files were URL-encoded. Then the idea of trying to infect the log files through the User-Agent came up, via “Alisson Bezerra”. And that worked…
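For defenders, the difference described above (request URLs are logged URL-encoded, while the User-Agent header is logged as sent) is what a log review should look for. The following is an added example, not part of the original writeup: a Python scanner for Apache combined-format access logs that flags PHP open tags in header fields and traversal or log-file references in requests. The parameter name `page`, the log path and every sample line are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Apache "combined" format; quoted fields may contain backslash-escaped characters.
QUOTED = r'(?:[^"\\]|\\.)*'
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>' + QUOTED + r')" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>' + QUOTED + r')" "(?P<agent>' + QUOTED + r')"$'
)
PHP_TAG_RE = re.compile(r'<\?(?:php|=)', re.I)               # PHP open tags
TRAVERSAL_RE = re.compile(r'\.\./')                          # directory traversal
LOG_NAME_RE = re.compile(r'(?:access|error)[._-]?log', re.I) # assumed log file names

def scan(lines):
    """Return (line_number, finding) tuples for suspicious access-log entries."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LINE_RE.match(line.strip())
        if not m:
            findings.append((n, "unparsed"))
            continue
        # Header values are logged without URL-encoding, so a PHP tag here is
        # stored verbatim and would execute if the log were ever include()d.
        for field in ("agent", "referer"):
            if PHP_TAG_RE.search(m[field]):
                findings.append((n, f"php-tag-in-{field}"))
        # The request line is logged encoded; decode twice to catch double-encoding.
        target = unquote(unquote(m["request"]))
        if PHP_TAG_RE.search(target):
            findings.append((n, "php-tag-in-request"))
        if TRAVERSAL_RE.search(target) or LOG_NAME_RE.search(target):
            findings.append((n, "log-or-traversal-in-request"))
    return findings

# Constructed sample lines (documentation IP range, benign marker payload).
SAMPLE = [
    '203.0.113.5 - - [10/Apr/2018:10:00:00 +0000] "GET /index.php?page=eg.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Apr/2018:10:01:00 +0000] "GET /index.php?page=%3C%3Fphp%20echo%201%3B%3F%3E HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Apr/2018:10:02:00 +0000] "GET / HTTP/1.1" 200 512 "-" "<?php echo 1; ?>"',
    '203.0.113.5 - - [10/Apr/2018:10:03:00 +0000] "GET /index.php?page=..%2F..%2Flogs%2Faccess.log HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for lineno, finding in scan(SAMPLE):
        print(lineno, finding)
```

A `php-tag-in-agent` hit followed by a `log-or-traversal-in-request` hit from the same host is the sequence worth alerting on.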
