The hardest PHP challenge ever? Race To Win - Typhooncon CTF - Web
Author: PinkDraconian
Uploaded: 2021-09-15
Views: 3165
SSD: Quick handling | Generous rewards | Done discreetly
Check out SSD Secure Disclosure here: https://ssd-disclosure.com/
00:00 Introduction
00:20 SSD Secure Disclosure Sponsor
00:50 Checking out the index.php page
03:00 Playing around with the d parameter (DirectoryIterator)
04:00 Using the glob:// wrapper to enumerate filenames
06:30 Scripting the file enumeration
13:40 Checking out the enumerated files
15:30 Using the php:// wrapper to get the source of backup.config.php
18:30 Reading files on the filesystem using backupconfig
19:20 Getting RCE using PHP_SESSION_UPLOAD_PROGRESS
21:30 Starting PHP session and reading that file
25:00 Trying to get RCE in the backupconfig file
31:00 Using the zip://archive#.config.php wrapper
42:00 Outro