FILE UPLOAD ATTACKS - Type Filters

Glad you got it man!
Did you get that “oh duh, now I remember and that makes sense” feeling like I get after struggling and making things harder on myself, when actually they are a lot easier than I’m making them?
Either way, the important thing is not giving up and keeping moving forward.
Also, don’t try to rush through it; several times I made that mistake and had to go back through them.

I solved the exercise by changing the “Content-Type:” and adding the same MIME “GIF8” as indicated by the HTB Academy module. After that I used the word list generated by the bash script from the previous section “Whitelist Filters” where I added ‘.phar’ and ‘.phtml’ in the script:

With Burp (Intruder) you will find several correct options.

2 Likes
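Why the Content-Type swap plus a “GIF8” prefix described above gets past the filter, and what a filter that does not fall for it looks like. This is an added example, not code from the thread or from the HTB Academy module; the validator functions, the allowlist and the sample upload are constructed for illustration.

```python
"""Weak vs. hardened upload validation (added example, constructed data)."""
import os
import secrets

# Extension allowlist and image signatures the server is willing to store.
ALLOWED = {".png": "image/png", ".gif": "image/gif",
           ".jpg": "image/jpeg", ".jpeg": "image/jpeg"}
MAGIC = {b"\x89PNG\r\n\x1a\n": "image/png",
         b"GIF87a": "image/gif", b"GIF89a": "image/gif",
         b"\xff\xd8\xff": "image/jpeg"}

# Constructed sample: client-controlled header and a GIF magic prefix, but
# the name ends in an extension the back-end would hand to the PHP engine.
SAMPLE = {"filename": "shell.png.phar",
          "content_type": "image/gif",
          "data": b"GIF89a" + b"<?php /* constructed placeholder */ ?>"}
GOOD = {"filename": "sun.png",
        "content_type": "image/png",
        "data": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16}

def sniff(data: bytes):
    """Return the MIME type implied by the leading bytes, or None."""
    for sig, mime in MAGIC.items():
        if data.startswith(sig):
            return mime
    return None

def weak_check(upload) -> bool:
    """The filter the thread bypasses: trusts the header and magic bytes,
    never looks at the extension the server will actually execute."""
    return (upload["content_type"].startswith("image/")
            and sniff(upload["data"]) is not None)

def hardened_store_name(upload):
    """Return a server-generated filename to store under, or None to reject.
    The client's Content-Type is ignored; the *last* extension must be on
    the allowlist and must agree with the sniffed signature."""
    name = os.path.basename(upload["filename"]).lower()
    ext = os.path.splitext(name)[1]          # ".phar" for shell.png.phar
    if ext not in ALLOWED:
        return None
    if sniff(upload["data"]) != ALLOWED[ext]:
        return None
    # Renaming drops any double extension the original name carried.
    return secrets.token_hex(16) + ext

if __name__ == "__main__":
    print("weak accepts:", weak_check(SAMPLE))              # True
    print("hardened stores as:", hardened_store_name(SAMPLE))  # None
    print("legit PNG stored as:", hardened_store_name(GOOD))
```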

Hi Ezio thanks for the tip!
I was also getting the error message that there was something wrong with my image:
the image “SNIP/shell.jpg.PhP” cannot be displayed because it contains errors.

Is there someone who can explain to me why this error comes up? I still don’t quite understand the logic behind it and I would like to know why.

Did you try MIME?

Got the shell uploaded but can’t get to the directory by cd … to get the flag. Any idea?

*Solved
The phpbash is not working for this one. I now used the shell from the section. That worked :slight_smile:

http://xxx.xx.xxx.xxx:xxxxx/profile_images/shell.png.phar?cmd=id
You should add the extension .png.phar when fuzzing, because .phar can execute on the server back-end.

I’m stuck too

http://138.68.178.149:30169/profile_images/sun.png.phar?cmd=id
or
http://138.68.178.149:30169/profile_images/sun.png.phtml?cmd=id

find / -type f -name flag.txt -exec cat {} \; 2>/dev/null
to read the flag.txt