Webhacking.kr challenge 28 writeup

Tram Ho


Link challenge

This is quite a good, and fairly difficult, file-upload challenge, because it requires knowledge of htaccess.

The challenge gives two hints:

The first hint: read the file /upload/oPp7SGzQPISX/flag.php; reading this file will probably give the flag.

The second hint: the file you upload will be placed in /upload/oPp7SGzQPISX/

I tried uploading a PHP file, but it didn't work. After someone told me to just read about htaccess, I came back, did it, and got the flag.

What is Htaccess?

You can read more about htaccess here.

.htaccess is a file used to configure the Apache web server on a per-directory basis. The server reads it as part of its configuration, which lets us flexibly set up redirects, enable or disable features, or protect certain parts of the website. In the name .htaccess, htaccess is the extension and the file has no base name, so when you put this file on the host it is not always displayed.

Upload the .htaccess file

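Upload a file and use the Burp Suite Proxy to intercept the upload request.

Modify the intercepted request so that the uploaded file is named .htaccess.

For the file's content, you can use the directive php_flag engine off. It turns off the PHP engine for that directory, so PHP files there are served as source text instead of being executed.

After successfully uploading the .htaccess file, you can now open the /flag.php file.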

And here is my result

I already submitted the flag.


Hopefully, through this writeup you can understand a little more about .htaccess and about file uploads when playing CTF.
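
From the defender's side, the upload above only has an effect because Apache honours .htaccess files inside the upload directory. The server configuration below is an added example, not part of the original writeup or of the challenge; it assumes Apache 2.4 and a document root of /var/www/html.

```apache
# Constructed example. /var/www/html is an assumed document root;
# "upload" is the directory named in the challenge hints.

# Weak setting (shown commented out): per-directory overrides are allowed,
# so an uploaded .htaccess containing "php_flag engine off" is obeyed and
# PHP files in the directory are returned as source.
#<Directory "/var/www/html/upload">
#    AllowOverride All
#</Directory>

# Corrected setting: Apache does not read .htaccess files anywhere under
# the upload directory, so an uploaded one is just an inert file.
<Directory "/var/www/html/upload">
    AllowOverride None

    # Also refuse to serve any .ht* file that does end up here.
    <FilesMatch "^\.ht">
        Require all denied
    </FilesMatch>
</Directory>

# Independent of the web server: the upload handler should reject file
# names that begin with a dot, and application scripts that hold secrets
# (flag.php in this challenge) should not live in a user-writable directory.
```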

