Is any can help out to give me direction? I really don’t get it on the question “Find the flag by using a Webshell.” even with Hints, I barely not knowing it.
Please help out to give me direction.
Spoiler Removed
hmm spoiler removed.
Yeah - I dont know why it was flagged as a spoiler.
I haven’t looked at this box, so I don’t see how anything I suggest would spoil it for people.
Basically from what you’ve put it looks like the path would be to upload a webshell, or exploit one already there, then use the file system commands to find the thing you are looking for.
I was under the impression that the Academy was to provide more structured learning and guidance than the main boxes. I appear to have been mistaken.
my 2 cents, may be by this time you might already be an expert Bibichan, but for future noobs like me, the task is asking us to upload a program via the sql file; so we write a php program onto the box, and call it via the url. the name in between the is a variable, that you can reference in the url. for example $_REQUEST[0], you can replace this with anything and pass into the URL. so your url would become, .xyz Domain Names | Join Generation XYZ, and it will be executed.
march 9… is a long time ago but just follow the module und think hard about in which directory you “output” the webshell and what the hint says…
hopefully that will do the trick
best of Luck
Porta
Thanks, I didn’t realize this was being used as a variable!