🪣
_voidCTF - Write Ups
  • results for bucketCTF 23
  • Web
    • Ping check
    • Gif
  • Crypto
    • Search-0
    • Search-1
    • TBDLCG
  • AI
    • Codewriter 1
    • Codewriter 2
    • Codewriter 3
    • LLMagic 1
    • LLMagic 2
    • LLMagic 3
  • Rev
    • Random security
    • Apps
  • Pwn
    • Never Called
    • Starting place
  • Misc
    • Transmission
    • Minecraft
    • Minecraft 2
    • Image 2
    • Discord
    • Survey
Powered by GitBook
On this page

Was this helpful?

  1. Web

Gif

WEB HARD - 260

PreviousPing checkNextSearch-0

Last updated 1 year ago

Was this helpful?

We are given a site to upload gifs, since i do not want to bother with creating a reverse shell to connect to me a created a file that should allow me to use a shell disguised as .gif.php

After uploading the file i go to the file in the /uploads dir as i have learned before from uploading a normal gif that the server is putting the files in the /uploads folder, and add the ?cmd= behind it with the command i want to use, it seems the flag is in the / directory, so i just used the cat /flag.txt command to get the flag.

The file i used to get the shell in the text editor, aswell as the url i used to get the flag on the right side.

Page cover image