📌 Info

This lab contains a vulnerable image upload function. Certain file extensions are blacklisted, but this defense can be bypassed due to a fundamental flaw in the configuration of this blacklist.

🎯 Goal

• Upload a basic PHP web shell.

• Use it to exfiltrate the contents of the file:

  /home/carlos/secret
  

• Submit this secret using the button provided in the lab banner.

🔑 Credentials

You can log in to your own account using:

wiener:peter

💡 Hint

You need to upload two different files to solve this lab.

📝 Steps

1. Understanding the Blacklist

• From the description, PHP-related extensions are blocked.
• I thought: what happens if we change this configuration?
• To change the server’s configuration, we need to upload a file with the same name as the configuration file used by Apache.