[WEB] Bypass file upload filter with .htaccess

I think you know what I am talking about. The “file upload” vulnerability is familiar for you ? Nice. So you know how it could be difficult to bypass protection to upload a webshell. I will show you a little technique to add to your test when you are trying to exploit file upload :) This technique is inspired from the challenge l33t-hoster of the Insomni’hack Teaser 2019 CTF

[CTF - Santhacklaus-2018] Netrunner

Netrunner is the second biggest challenge of the Santhacklaus 2018 CTF. The challenge is not really hard, but could be particulary annoying if you don’t know what to do. You need to have some skills in pentest web and medium skills in Linux system. The challenge is divided in 3 steps. Each step has its own validation password (flag). So let’s begin with the first step ! 1st step - You have a mission !

[CTF - Santhacklaus-2018] ArchDrive

ArchDrive is the biggest challenge of the Santhacklaus 2018 CTF and my favorite one. It’s divided in 5 steps of increasing difficulty. The challenge is not really hard, but particularly long and time-consuming. You need to have some strong skills in web pentesting, some basic skills in forensic and medium skills in Linux system. So, as you can see, the 5 steps have their own validation password (flag). Let’s start the challenge !