Which tool are you referring to please ?
use *peas, or manually enumerate common directories.
Oh yes ! My bad I though you were referring to a tool that can help determining the URL of the uploaded file for the RCE 
For this you need to analyze the source code.
1 Like
Can someone please help me get the name of the file I uploaded?
I have tried to generate the filename using the source code I obtained but for some reason I canāt reach the file.
I have no idea what I am doing wrong.
someone give me somethingā¦ I found an im***.**p but itās blank and I have fuzzed both GET and POST parameters but nothing so farā¦
Just a quick question. Does the version of PHP affect the output of time(); function? Like, on my local machine, it doesnāt output it as float, but as an integer. How to determine if the same is happening on the server? I think itās kind of trivial for the uploaded file names.
@mostwanted002 from the manual I think that the time function always returns an integer.
For those who are stuck finding the name of the file, donāt make the assumption that the time function will return the same value in any computer.
Thanks, and yes I did consult the manual and blog posts too. And you are quite close I guess since time() will always return the same value regardless of the ti**z**e Source
Itās the other function that is dependent since it works on microseconds that are elapsed. Source code for that function clears that up
do {
(void)gettimeofday((struct timeval *) &tv, (struct timezone *) NULL);
} while (tv.tv_sec == prev_tv.tv_sec && tv.tv_usec == prev_tv.tv_usec);
got user, en route to root.
It was hard without the proper hints, so anyone who is struggling upto user can DM me
1 Like
Thanks to @randomguy222 for helping me out to get a foothold. It was such a silly oversight.
User: Once you get a foothold, start with basic enumeration, you might come across some useful data in very obvious folders.
Root: This has nothing to do with timing. Observe what is happening, and read documentation. Also do not overlook file permissions!
1 Like
Hi good morning, evening or night, I have spent some days trying to find the right way to find the user, I got the password and I reviewed system files looking for the user but this didnāt work to me.
Iām little stuck =( ,any suggest?
I sent you pm
help me to upload a jpg file with php code in it i am trying but didāt get RCE
Rooted. It was hard without the hints in this forum. Hope this helps someone still trying hard.
Foothold: There are a couple of bugs in the source codes. Reproducing the function locally gave me something I was not aware of.
Root: You can identify what you are running. There was a clue in the documentation for me to find the right track.
Im in the same boat.
some clue? still stucked in the fuzzing, there is something here I donāt knowā¦ 
With the exception of timing being mysteriously off/shifted by 1167 seconds, itās a nice box. Iāve picked up a few things. Advice for rooting, make a pause, think about the available options.
Iām having a hard time figuring out what Iām supposed to use my ability to create r*** owned files for. Could someone give me a nudge?