In this lab we have to upload the php file to read contents from /home/carlos/secret but we can’t directly just upload the php file as it only allows jpeg and png image file , so we can bypass this by changing the Content-Type header.

Web shell upload via Content-Type restriction bypass

Hello everyone , I hope you are doing well , in this post I will be sharing my walkthrough for HTB Bounty hunter machine , which is an easy linux box ,there were only 2 ports on this machine , ssh and http. On the webserver there was a bug…

Hello everyone , I hope you are doing well , in this post I will be sharing my writeup for HTB-Spider machine which was a hard linux box , starting with the nmap we had only two ports ssh and http , the webserver had a page where input field…

Hello everyone , I hope you are doing well , in this post I will be sharing my writeup for HTB Dynstr machine which was rated as medium level difficulty, starting with the reconnaissance phase we discovered 3 ports ssh, dns and http out of which only http was interesting…

Hello everyone , I hope you are doing well , On 5th October , Snyk CTF ran from 9:00 am — 7:00 pm ET , I didn’t really solve majority of challenges due to less time but the ones and I did will be sharing with you. The whole CTF…

Hello everyone , in this post I will be sharing my writeup for THM:Lockdown room , which was medium difficulty machine having 2 services running , ssh and http. The web server was having a login page what we bypassed with sqli and managed to access the dashboard , afterwards…

In this post , I will be sharing my writeup for THM Empline room , which was a medium difficulty machine , This machine had ssh ,mysql and web server running ,the foothold was related to finding a subdomain on which a vulnerable version of opencats was running , which…

ARZ101

BS CS undergraduate | CTF Player

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store