Challenge Name: Black Inc.

Mohamed Samir
3 min read · Sep 26, 2024


Black Inc is a file sharing website, however the file uploads was disabled by an administrator, can you change that or find a bypass?

Let’s check the page source. I found nothing important — just some basic code. So, let’s navigate to the login page in the navbar and see what we can find. I checked the page source of login.php, but there’s nothing significant there either :(

Okay, if we go back to the main page, we will see that in the upload file section → Error! Sorry, file uploading has been disabled by the administrator! So, should I bypass the login page with a brute-force attack, or is there a trick that will lead me to the flag?

I used sqlmap to search for any SQL injection in the login.php page by running the following command: sqlmap -u "http://wcamxwl32pue3e6mxmdvw15h1358qyz8wqrwf9vw-web.cybertalentslabs.com/login.php" --forms --batch --crawl=2 --level=5 --risk=3

This command will:

  • --forms: Scan the forms for vulnerabilities.
  • --batch: Run sqlmap in non-interactive mode (auto-confirm prompts).
  • --crawl=2: Crawl 2 levels deep for more links.
  • --level=5: Run a more extensive test with high coverage.
  • --risk=3: Run riskier but more potent tests.

But the login form did not turn out to be injectable, so I stopped the tool and tried to think outside the box. I looked into the curl tool and realized that I could upload files directly to a specific URL with it, without going through the site's form. So, I asked ChatGPT to craft a simple HTML page:

Purpose of the Code:

User interaction: the code provides a basic web form for uploading images to a specified server endpoint. We created this form ourselves and will upload it to the site so that other users can upload images again, which is exactly what the challenge asks for, since the administrator disabled uploading.

And of course, I used my sweet curl to upload it.

command: curl -F "file=@upload.html" "http://wcamxwl32pue3e6mxmdvw15h1358qyz8wqrwf9vw-web.cybertalentslabs.com/"

-F "file=@upload.html": This tells curl to send upload.html as a multipart/form-data field named file, the same way a browser would submit the upload form. Make sure this file is in the same directory where you are running the curl command.
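Added example (not code from the write-up or from the challenge): the weakness the post exploits is that the "disabled by the administrator" message is enforced only where the upload form is rendered, while the endpoint that actually receives multipart POSTs, which is what curl -F talks to, keeps accepting files. The Python below contrasts that pattern with a handler that checks the setting in the accepting code path and also refuses active content like the uploaded .html page; the Settings and Request shapes and the policy values are assumptions.

```python
import os
import re
from dataclasses import dataclass, field

# Constructed policy values for the example.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$")
ACTIVE_EXT = {".html", ".htm", ".php", ".phtml", ".phar", ".js", ".svg"}
MAX_BYTES = 1_000_000

@dataclass
class Settings:
    uploads_enabled: bool = False  # the administrator's switch (assumed shape)

@dataclass
class Request:
    method: str
    files: dict = field(default_factory=dict)  # field name -> (filename, bytes)

def render_upload_section(settings):
    """What the browser sees: the switch is honoured when drawing the form."""
    if not settings.uploads_enabled:
        return "Error! Sorry, file uploading has been disabled by the administrator!"
    return '<form method="post" enctype="multipart/form-data">...</form>'

def upload_vulnerable(settings, request, store):
    """Pattern behind the challenge: the switch is never consulted here, so a
    direct multipart POST (curl -F) is accepted even though the form is gone."""
    if request.method != "POST" or "file" not in request.files:
        return 400, "no file"
    name, data = request.files["file"]
    store[name] = data  # an uploaded .html page lands here, ready to be served
    return 200, "uploaded"

def upload_hardened(settings, request, store):
    """Enforce the policy where the file is accepted, not where the form is drawn."""
    if not settings.uploads_enabled:
        return 403, "uploads disabled"  # same answer for the UI and for curl -F
    if request.method != "POST" or "file" not in request.files:
        return 400, "no file"
    name, data = request.files["file"]
    name = os.path.basename(name)  # drop client-supplied directory components
    if not SAFE_NAME.fullmatch(name) or os.path.splitext(name)[1].lower() in ACTIVE_EXT:
        return 415, "file type not allowed"  # no active content (.html, .php, ...)
    if len(data) > MAX_BYTES:
        return 413, "file too large"
    store[name] = data
    return 200, "uploaded"
```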

So let’s see our results!

We’ve got our flaaaaaag → Here is the flag: 6b768890756adf11a9b6bc3c0f816129

Yeah, bro, it’s like a piece of cake when you have a good knowledge of the curl tool.

I hope you benefit from my write-up, and I look forward to seeing you in the next Challenge!
