Search found 3 matches

Return to advanced search

Re: Trying to exploit file()/fileopen() php - CTF related  Topic is solved

Thanks for those suggestion, I found out it was a local file inclusion attack, so i exploited the file() by inputting file:///etc/passwd

Took me a bloody long time tho! The ones on OWASP used the traversal ones like ../../../../etc/passwd, which doesnt work
by j_ly
on Sun Feb 26, 2017 11:39 am
 
Forum: NZone
Topic: Trying to exploit file()/fileopen() php - CTF related
Comments: 2
Views: 21488

Trying to exploit file()/fileopen() php - CTF related  Topic is solved

I'm doing a CTF challenge and I think I kind of know what to do. There is an input which allows you to create, open and read a file in a the server's directory. It uses file(), and I've been trying to find a code injection attack. I've been searching and it says it is exploitable by adding HTTP head...
by j_ly
on Sat Feb 25, 2017 9:21 pm
 
Forum: NZone
Topic: Trying to exploit file()/fileopen() php - CTF related
Comments: 2
Views: 21488

Re: Forensic Mission 1

I would also like to vouch for TestDisk, just google "TestDisk dd files" to get started. Just completed the challenge, simple stuff!
by j_ly
on Tue Dec 27, 2016 6:31 pm
 
Forum: Forensic
Topic: Forensic Mission 1
Comments: 89
Views: 217902

Return to advanced search