Mzeeav 🔸
Enumeration
The web server hosts a simple app that analyzes a file you upload.
Uploading a file
Initial Access
Feroxbuster finds a /backups folder with a zip of the project.
The upload check only looks at the first four bytes of the file, so we can add those bytes to the start of a PHP reverse shell and it is accepted.
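From the defender's side, the check described above next to a safer way to store uploads, as an added example that is not the application's own code. The signature bytes, the `.bin` allowlist, the storage directory and the function names `weak_check` and `store_upload` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed placeholder signature; the write-up does not state which four bytes the app expects.
const EXPECTED_MAGIC = "\x00\x01\x02\x03";

// The weak check as the write-up describes it: only the first four bytes are inspected.
function weak_check(string $path): bool
{
    return file_get_contents($path, false, null, 0, 4) === EXPECTED_MAGIC;
}

// Hypothetical hardened handler. The magic check stays as a sanity check only;
// the protection comes from discarding the client-chosen name, allowing one
// extension, and writing to a directory outside the document root.
function store_upload(string $tmpPath, string $clientName, string $storeDir): ?string
{
    if (!weak_check($tmpPath)) {
        return null;
    }
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if ($ext !== 'bin') {                       // assumed allowlist of a single extension
        return null;
    }
    // Server-generated name: nothing from the request reaches the filesystem path.
    $dest = $storeDir . '/' . bin2hex(random_bytes(16)) . '.bin';
    // A real handler would call move_uploaded_file(); copy() keeps this demo runnable from the CLI.
    if (!copy($tmpPath, $dest)) {
        return null;
    }
    chmod($dest, 0640);
    return $dest;
}

// Constructed sample: the expected signature followed by script text.
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, EXPECTED_MAGIC . "<?php /* constructed marker, does nothing */ ?>");
$store = sys_get_temp_dir() . '/upload_store_demo';   // stands in for a path outside the web root
if (!is_dir($store)) {
    mkdir($store, 0750);
}

var_dump(weak_check($tmp));                           // magic-only check on the constructed file
var_dump(store_upload($tmp, 'sample.php', $store));   // client name with a script extension
var_dump(store_upload($tmp, 'sample.bin', $store));   // client name with the allowed extension
unlink($tmp);
```

The stored file still contains the script text, which is why the storage directory must also be one the web server never hands to the PHP interpreter.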
Privilege Escalation
In /opt we find a SUID binary, fileS, that is the same as the find command, so we look up find on GTFOBins.
Post Exploitation
Get the flag