This is a basic web challenge consisting of 5 flags. I ran it on Virtualbox with bridged mode. This app doesn’t require kali os. You can do it on windows as well.
NOTE: I put this code in j3.php file and uploaded it. At first It wasn’t uploading and when I checked in burpsuite it was adding .jpg in the end of the file so I used null injection “j3.php%00.jpg” to trick the machine and I successfully got this file uploaded.
9. With this file uploaded, I can inject OS commands and hence execute them.
10. I ran this command to go one directory back and list the files in there:
192.168.0.106/uploaded_files/j3.php?kus=ls %% cd ..
I tried to visit flag.txt but I wasn’t permitted to view the file, So got a forbidden message. I then open hint.txt file which got me to the 3rd flag.
The hint is pretty forward.
11. The hint tells us that the flag.txt file need us to be technawi and for that we need it’s password. So the first thing I need to do is to find its password. But How? What I knew was that I can find it only under that user. So I tried this command.