Webhacking.kr write-up: old-25
Link | point | tag |
---|---|---|
old-25 | 150 | LFI, PHP |
Hello there, welcome back to another webhacking.kr web-based CTF. Today’s challenge is about Local File Inclusion (LFI) and a PHP wrapper.
There are 3 files in the local directory. As you can see, the page loads hello.php by default. You get nothing if you visit index.php. My first guess is that some of the code in index.php is somehow unable to load.
As for flag.php, there is something hidden inside it, perhaps PHP code.
In my first attempt, I tried a null-byte LFI attack with the following URL, but it didn’t yield any good results.
http://webhacking.kr:10001/?file=flag%00
After I stumbled across an interesting article, it seemed that I could use a Base64 PHP wrapper for my LFI attack:
http://webhacking.kr:10001/?file=php://filter/convert.base64-encode/resource=flag
The reason that I can’t work with the null-byte is that the PHP version of the server is higher than 5.3.4. Submit the answer to Auth to complete the challenge.
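For the defensive side of this challenge, here is an added example (not the challenge's source code, which the page does not show) of a page loader that maps the `file` parameter through an allowlist, so that neither the `php://filter` URL nor the null-byte variant above reaches `include`. It assumes the handler appends `.php` to the parameter; the `PAGES` map, the `resolve_page()` helper and the temporary demo directory are hypothetical names constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: request name => file on disk. flag.php is deliberately absent.
const PAGES = ['hello' => 'hello.php'];

// Returns the absolute path that may be included, or null if the request is refused.
function resolve_page(string $requested, string $baseDir): ?string
{
    // Plain page names only: this refuses stream wrappers (php://...),
    // path separators, dots and NUL bytes before any filesystem call.
    if (preg_match('/\A[a-z0-9_-]{1,32}\z/', $requested) !== 1) {
        return null;
    }
    // The name must be a known page; user input never becomes part of the path.
    if (!array_key_exists($requested, PAGES)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . PAGES[$requested]);
    if ($base === false || $path === false) {
        return null;
    }
    // Defence in depth: the resolved file must still live under the base directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed demo directory mirroring the layout described in the write-up.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lfi_demo';
if (!is_dir($dir)) {
    mkdir($dir);
}
file_put_contents($dir . '/hello.php', "<?php echo 'hello';");
file_put_contents($dir . '/flag.php', "<?php /* secret placeholder */");

// Constructed inputs: the default page, then the requests tried in the write-up.
$samples = ['hello', 'flag', "flag\0",
            'php://filter/convert.base64-encode/resource=flag', '../flag'];
foreach ($samples as $s) {
    $verdict = resolve_page($s, $dir) === null ? 'rejected' : 'allowed';
    printf("%-58s %s\n", json_encode($s, JSON_UNESCAPED_SLASHES), $verdict);
}

// In a real handler (sketch):
//   $page = resolve_page($_GET['file'] ?? 'hello', __DIR__);
//   if ($page === null) { http_response_code(404); exit; }
//   include $page;
```

Only `hello` is allowed; every other sample is rejected before `include` is ever called, independent of the PHP version.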
tags: webhacking.kr - lfi - php