
IP Address: 172.25.200.200

Port 9001

Want to run this Docker container locally?

docker run -d -p 9001:80 --restart always --name ctf-mime-challenge-flag-n joshbeck2024/ctf-rev-shell-mime-flag-n

If you haven’t done Flag B yet, you should definitely do that first.

We’ll utilize the same code with a minor change.

If we try to upload our shell.php file from Flag_B to this web server, we get an error.

This time the web server is checking whether we are uploading a valid GIF file.

In this case, it checks whether the file signature (the leading "magic bytes" used to infer the MIME type) matches that of a GIF file. Fixing file signatures in a hex editor is something all of the 9th-grade students have done with the hexed.it website, but we can also modify simple text files like our shell.php file using just nano.

First, let’s look up what the file signature should be for a .gif file:

<https://www.garykessler.net/library/file_sigs_GCK_latest.html>

Use CTRL-F and search for ‘GIF’.

We can see that a file like this should start with GIF87a. Let’s add this to the top of our shell.php.
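Why a signature-only upload check like the one described above is weak, and what a stricter server-side check looks like. This is an added example, not the challenge server's code: the function names and both sample byte strings are constructed here, and signature_only_check is only an assumed model of what the server does.

```python
import secrets
import struct

GIF_SIGNATURES = (b"GIF87a", b"GIF89a")

def signature_only_check(data: bytes) -> bool:
    """Assumed model of the challenge server: compare the first six bytes."""
    return data[:6] in GIF_SIGNATURES

def structural_gif_check(data: bytes) -> bool:
    """Signature plus the container fields a real GIF must carry."""
    if len(data) < 14 or data[:6] not in GIF_SIGNATURES:
        return False
    # Logical Screen Descriptor: width, height, packed flags (little-endian).
    width, height, packed = struct.unpack("<HHB", data[6:11])
    if width == 0 or height == 0:
        return False
    offset = 13  # header (6) + Logical Screen Descriptor (7)
    if packed & 0x80:  # a global colour table follows
        offset += 3 * (2 ** ((packed & 0x07) + 1))
    # The first block must be an extension (0x21) or an image descriptor (0x2C).
    if offset >= len(data) or data[offset] not in (0x21, 0x2C):
        return False
    return data[-1] == 0x3B  # GIF trailer byte

def server_side_name() -> str:
    """Name chosen by the server, so the client's .php extension is never kept."""
    return secrets.token_hex(16) + ".gif"

# Constructed sample: text file with a GIF signature on its first line.
DISGUISED_TEXT = b"GIF87a\n<?php /* constructed placeholder body */ ?>\n"

# Constructed sample: minimal 1x1 GIF89a image.
TINY_GIF = (
    b"GIF89a" + struct.pack("<HHBBB", 1, 1, 0x80, 0, 0)
    + b"\x00\x00\x00\xff\xff\xff"                         # 2-entry colour table
    + b"\x2c" + struct.pack("<HHHHB", 0, 0, 1, 1, 0)      # image descriptor
    + b"\x02\x02\x44\x01\x00" + b"\x3b"                   # pixel data + trailer
)

if __name__ == "__main__":
    for label, blob in (("disguised text", DISGUISED_TEXT), ("tiny gif", TINY_GIF)):
        print(label, signature_only_check(blob), structural_gif_check(blob))
    print("stored as", server_side_name())
```

Structural parsing raises the bar but can still be satisfied by a carefully built file, so the controls that actually stop an upload from executing are the server-chosen name and storing uploads where the web server will not run them as PHP.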