File Inclusion-LFI and File Uploads

GPS · April 11, 2022, 1:30pm

I can’t find the flag, please help me.

onthesauce · April 11, 2022, 1:44pm

Have you gotten RCE on the machine?

GPS · April 11, 2022, 2:12pm

Yes

onthesauce · April 11, 2022, 2:19pm

Have you listed the / directory with ls?

Take care when assuming every flag will be named flag.txt, I totally spent 20 minutes the other day in the same situation.

GPS · April 11, 2022, 2:32pm

I listed all the directories, but I didn’t find flag.txt

onthesauce · April 11, 2022, 2:43pm

@GPS, Take note of what I said and try listing the / directory again. Look for something that doesn’t belong.

Feel free to DM me and I will help you further.
-onthesauce

bhatty · October 22, 2022, 4:10pm

I listed the / directory using ls / command, am not able to get your hint- Look for something that doesn’t belong. Am able to see a file named GIF82f40d853e2d4768d87da1c81772bae0a.txt in / directory… I used cat GIF82f40d853e2d4768d87da1c81772bae0a.txt to read the contents, but am not able to… please help me further

onthesauce · October 22, 2022, 5:27pm

It sounds like you are attaching the magic bytes to the file name. Remove the GIF8:
cat 2f40d853e2d4768d87da1c81772bae0a.txt

bhatty · October 22, 2022, 5:38pm

I did try thi sway,but I could see only GIF8 when I cat 2f40d853e2d4768d87da1c81772bae0a.txt, there is no flag

bhatty · October 22, 2022, 5:42pm

Thanks for the hint… was missing / infront of txt file… Hence solved the entire module…

onthesauce · October 22, 2022, 5:43pm

Nice, glad you got it! Just take that pic off though because it contains the flag!!!
-onthesauce