Ss1deins1de.hashnode.dev·Feb 8 · 12 min readArchangel Writeup: Log Poisoning and $PATH Hijacking on TryHackMeCredits Room: “Archangel”Creator: Archangel Introduction The Target: Exploiting LFI to get RCE via Log Poisoning The Problem: The default ../ path was filtered by the server when trying to exploit the LFI The Tools: RustScan, Feroxbuster & FFUF ...00
Ss1deins1de.hashnode.dev·Feb 1 · 9 min readBypassing PHP Security with LD_PRELOAD and Chankro on TryHackMeCredits Room: “Bypass Disable Functions”Creator: stuxnet Introduction The Target: Bypassing disabled PHP functions to get RCE and the flag The Problem: Most “easy” shell functions, like system, exec, and shell_exec, were blocked by the server’s dis...00