5_6116214707188663133mp4

Here is a general write-up structure based on common "write-up" scenarios found in cybersecurity challenges, using the pattern of analyzing file uploads and server vulnerabilities:

1. Overview

Upload a malicious file (disguised as an .mp4) to achieve Remote Code Execution (RCE) and retrieve the flag.

2. Investigation

Used the shell to run cat /flag.txt to retrieve the hidden flag.

Navigated to the uploaded file URL (e.g., /upload/5_6116214707188663133.php) to execute the shell.

Upon analyzing the provided source code or behavior, it was identified that the website allows users to upload files to a /upload directory.

The malicious file was uploaded through the vulnerable form.

The .htaccess file was manipulated to treat files with specific extensions as PHP, or the upload filter was bypassed by changing the filename to match accepted patterns.

The application attempts to filter file extensions, but the .htaccess file is improperly configured, allowing for unexpected file extension handling (e.g., accepting x-httpd-php).
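
A defender-side check for the misconfiguration described above, as an added example that is not part of the original write-up: it scans .htaccess content for directives that hand non-.php extensions (or a whole directory) to the PHP handler. The handler-name pattern, the SAFE_EXTS set and the sample file are assumptions constructed for illustration.

```python
import re

# Handler / MIME names that route a request to the PHP interpreter (assumed list).
PHP_HANDLER = re.compile(r"x-httpd-php|php\d*-script", re.I)
DIRECTIVE = re.compile(r"^\s*(AddType|AddHandler|SetHandler|ForceType)\s+(.+)$", re.I)
SAFE_EXTS = {".php"}  # assumption: only .php should ever reach the interpreter

# Constructed sample, not taken from the challenge.
SAMPLE = """\
# upload directory overrides
AddType application/x-httpd-php .php
AddType application/x-httpd-php .mp4 .jpg
AddHandler php-script .phtml
Options -Indexes
"""


def audit_htaccess(text):
    """Return (line_no, directive, reason) for each risky PHP mapping."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        if raw.lstrip().startswith("#"):
            continue  # Apache comments occupy whole lines
        m = DIRECTIVE.match(raw)
        if not m:
            continue
        name, args = m.group(1), m.group(2).split()
        if not PHP_HANDLER.search(args[0].strip('"')):
            continue  # directive does not involve the PHP handler
        if name.lower() in ("sethandler", "forcetype"):
            # No extension list: applies to everything in scope.
            findings.append((no, name, "every file in this scope is run as PHP"))
            continue
        exts = {"." + a.lstrip(".").lower() for a in args[1:]}
        extra = sorted(exts - SAFE_EXTS)
        if extra:
            reason = "non-PHP extensions mapped to PHP: " + ", ".join(extra)
            findings.append((no, name, reason))
    return findings


if __name__ == "__main__":
    for no, name, reason in audit_htaccess(SAMPLE):
        print(f"line {no}: {name}: {reason}")
```

Run it against every .htaccess under the web root, and treat any finding inside an upload directory as a reason to disable script handling there entirely.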