Thailand Cyber Top Talent 2022 – CTF THAILAND
Writeup!! Web-challenge02
1st step: Survey the target website and guess how to find the flag.
The first page has a file upload form… OK, let's check!!
![](https://www.engiblog.com/wp-content/uploads/2022/10/web02-01.png)
![](https://www.engiblog.com/wp-content/uploads/2022/10/web02-02.png)
2nd step: After uploading a test file, the site shows the upload path.
![](https://www.engiblog.com/wp-content/uploads/2022/10/web02-03.png)
3: The upload path allows listing of directories and files. I saw a PHP file (interesting).
![](https://www.engiblog.com/wp-content/uploads/2022/10/web02-04.png)
4: Let's have fun with the backdoor PHP file 🙂 Use the commands ls and ls to find the flag.
![](https://www.engiblog.com/wp-content/uploads/2022/10/web02-05.png)
![](https://www.engiblog.com/wp-content/uploads/2022/10/web02-06.png)
Final : Yessssss!!! I found it.
![](https://www.engiblog.com/wp-content/uploads/2022/10/web02-07.png)
flag : tctt2022{Vuln_F!l3_IpL0@d}
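
The weakness behind this flag is an upload form that accepts script files and stores them where the web server runs them. The following server-side check is an added example, not code from the challenge or the original post; the allowlist, the `stored_name_for` function and the `UploadRejected` exception are hypothetical names chosen for illustration.

```python
import os
import secrets

# Constructed allowlist: extension -> magic bytes the content must start with.
ALLOWED = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
# Extensions a PHP-enabled server may hand to the interpreter.
SCRIPT_EXTS = {".php", ".phtml", ".php3", ".php4", ".php5", ".php7", ".phar", ".pht"}


class UploadRejected(ValueError):
    """Raised when an upload fails validation (hypothetical helper type)."""


def stored_name_for(client_name: str, data: bytes) -> str:
    """Validate an upload and return a server-chosen file name for it."""
    # Drop any directory part the client sent, including Windows separators.
    base = os.path.basename(client_name.replace("\\", "/"))
    if "\x00" in base or base.startswith("."):
        raise UploadRejected("bad file name")  # also blocks .htaccess
    parts = base.lower().split(".")
    # Look at every extension, not only the last: catches shell.php.png.
    if {"." + p for p in parts[1:]} & SCRIPT_EXTS:
        raise UploadRejected("script extension")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if ext not in ALLOWED:
        raise UploadRejected("extension not allowed")
    # Content must start with a signature that matches the claimed type.
    if not data.startswith(ALLOWED[ext]):
        raise UploadRejected("content does not match extension")
    # The client never controls the stored name.
    return secrets.token_hex(16) + ext
```

The magic-byte check alone does not stop an image with script code appended, so the upload directory should also sit outside the web root or have script execution disabled. Directory listing on that path should be off as well (for Apache, `Options -Indexes`).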