Health check

From Pessin randon wiki
Task: Health check
  • Website where you can upload files
  • Gobuster to figure out where that php file is
  • Netcat and reverse shell

Description

This is a health care systems web page where you can upload your certificates for verification. 100pts

Question

Investigate the application, find if there are any vulnerabilities and read the flag from /var/backup/secret.txt

Solution

I first tested how the website works and found that you can upload .php files. I then tried using the gobuster application to find the file I had sent and found that it was sent directly to the root folder of the webpage.

I sent the php reverse shell via the web page. I started the netcat application on the virtual machine to listen on port 1234 and opened the reverse.php file in the browser.

I got into the system and ran the command cat /var/backup/secret.txt which printed the correct flag.
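The root cause in this challenge is an upload handler that trusts the client's file name and writes it straight into the web root, so a .php upload becomes server-side code. The following is an added example of the checks such a handler should perform, written here for the write-up and not code from the challenge: it is a Python model of the validation logic (the assumed allowed certificate formats are PDF, PNG and JPEG; the storage directory /var/app/uploads and the function names are assumptions, not taken from the challenge).

```python
"""Hardened upload validation, added as an example (not the challenge's own code).

Assumptions (not from the write-up): the site accepts certificate files as
PDF, PNG or JPEG and stores them outside the document root under a random
name, so nothing a user uploads can ever be reached or executed as PHP.
"""
import os
import re
import secrets
import tempfile

# Allowlist of extensions and the leading bytes (magic numbers) each must carry.
ALLOWED_TYPES = {
    "pdf": [b"%PDF-"],
    "png": [b"\x89PNG\r\n\x1a\n"],
    "jpg": [b"\xff\xd8\xff"],
    "jpeg": [b"\xff\xd8\xff"],
}

# Storage directory outside the web root (assumed path for the example).
UPLOAD_DIR = "/var/app/uploads"

# Only plain names: no path separators, no NUL bytes, no shell metacharacters.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9._-]{1,100}$")


def validate_upload(filename, content, max_bytes=5_000_000):
    """Return (accepted, reason). The client-supplied name and declared type
    are never trusted; the extension and the file content must agree."""
    base = os.path.basename(filename)
    if base != filename or not _SAFE_NAME.match(base):
        return False, "unsafe filename"
    # Exactly one extension: blocks names like cert.php.png that some
    # servers map to PHP regardless of the final extension.
    if base.count(".") != 1:
        return False, "exactly one extension required"
    ext = base.rsplit(".", 1)[1].lower()
    if ext not in ALLOWED_TYPES:
        return False, "extension .%s not allowed" % ext
    if not content or len(content) > max_bytes:
        return False, "empty or oversized file"
    if not any(content.startswith(magic) for magic in ALLOWED_TYPES[ext]):
        return False, "content does not match declared type"
    # Defense in depth against polyglot files (valid image header, PHP inside).
    if b"<?php" in content or b"<?=" in content:
        return False, "embedded PHP tag"
    return True, "ok"


def storage_name(filename):
    """Random server-chosen name; the user's name is discarded entirely."""
    ext = filename.rsplit(".", 1)[1].lower()
    return "%s.%s" % (secrets.token_hex(16), ext)


def save_upload(filename, content, upload_dir=UPLOAD_DIR):
    """Validate, then write the file outside the web root with a random name."""
    ok, reason = validate_upload(filename, content)
    if not ok:
        raise ValueError(reason)
    os.makedirs(upload_dir, exist_ok=True)
    path = os.path.join(upload_dir, storage_name(filename))
    with open(path, "wb") as fh:
        fh.write(content)
    os.chmod(path, 0o640)  # readable by the app only, never executable
    return path


# Constructed sample inputs (not from the challenge).
SAMPLE_PDF = b"%PDF-1.4\n%constructed certificate\n%%EOF"
SAMPLE_PHP = b"<?php echo 'uploaded'; ?>"
SAMPLE_POLYGLOT = b"\x89PNG\r\n\x1a\n" + b"<?php echo 1; ?>"

if __name__ == "__main__":
    for name, data in [("cert.pdf", SAMPLE_PDF), ("reverse.php", SAMPLE_PHP),
                       ("cert.php.png", SAMPLE_POLYGLOT), ("../cert.pdf", SAMPLE_PDF)]:
        print(name, validate_upload(name, data))
    with tempfile.TemporaryDirectory() as tmp:
        print("stored at", save_upload("cert.pdf", SAMPLE_PDF, upload_dir=tmp))
```

The two properties that matter most are at the end of the pipeline: the file is written outside the document root, and under a name the server chose. With those in place the gobuster step in the write-up finds nothing, because no uploaded file is ever reachable by URL, and even a file that slips past the content checks is never handed to the PHP interpreter.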

Tools

  • PHP reverse shell
  • netcat
  • cat

Flag

ctftech{3593e215-63f2}