Poison

@masterrabbit said:

@TheRealHooz said:

@masterrabbit said:
Can anyone give me a hint to start with? My 2nd box ever and just need a nudge in the right direction.

Go to the webpage, read the outputs of the scripts (look for something obvious in one of them). After that, come here, read through these pages and research the hints others have given.

Yeah, tried that, still lost… I know it's some form of LFI, however none of my attempts to inject a nc shell are working…

There is the hidden file that is encoded but don't know what to do with that.

Decoding this file should be pretty BASEic. Get the user through LFI… Read this: File inclusion vulnerability - Wikipedia.