📌 Info

This lab contains a vulnerable image upload function. Although it checks the contents of the file to verify that it is a genuine image, it is still possible to upload and execute server-side code.

🎯 Goal

• Upload a basic PHP web shell.

• Use it to exfiltrate the contents of the file:

  /home/carlos/secret
  
  

• Submit this secret using the button provided in the lab banner.

🔑 Credentials

You can log in to your own account using:

wiener:peter

📝 Steps

1. Understanding the Check

• From the description, the lab verifies whether the uploaded file is a real image by checking its file signature (magic bytes).
• To bypass this, we can prepend a valid image signature to a PHP file.

2. Choosing a File Signature

• I searched for common file signatures and decided to use a GIF file signature:

  GIF89a