Shell - SMP CTF 2024 - Selection Round

Posted on by rahisec

While analyzing the TCP packets, I searched for the keyword flag and found traffic where the attacker had already got a shell and was running arbitrary commands. There the attacker was enumerating the system and searching for something. There I saw that a PHP file called Simple-Backdoor-One-Liner.php was present.

As the challenge required the shell file name and the parameter, I searched for it in Wireshark with a ? at the end so that I could find the specific request that contains the parameter.

And here we got the parameter's name, which was cmd.
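
The same lookup can be scripted for triage. The following is an added example, not part of the original write-up: it takes HTTP request lines exported from a capture as text and lists every PHP script that was requested with a query string, together with its parameter names and URL-decoded values. The function names are hypothetical, and the sample requests are constructed; only the file name Simple-Backdoor-One-Liner.php and the parameter cmd come from the post.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl
import posixpath

# Constructed sample: HTTP request lines as they might look after exporting
# the capture's requests to text. Only the file name and the "cmd" parameter
# come from the write-up; the paths and values are made up for illustration.
SAMPLE_REQUESTS = """\
GET /index.php HTTP/1.1
GET /uploads/Simple-Backdoor-One-Liner.php?cmd=id HTTP/1.1
GET /uploads/Simple-Backdoor-One-Liner.php?cmd=uname%20-a HTTP/1.1
GET /uploads/Simple-Backdoor-One-Liner.php?cmd=ls+-la HTTP/1.1
GET /style.css?v=3 HTTP/1.1
POST /login.php HTTP/1.1
"""

def parse_request_line(line):
    """Return (method, script_name, [(param, decoded_value), ...]) or None."""
    parts = line.split()
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None  # not an HTTP request line
    method, target, _version = parts
    url = urlsplit(target)
    script = posixpath.basename(url.path)
    # parse_qsl percent-decodes values and turns '+' into a space
    params = parse_qsl(url.query, keep_blank_values=True)
    return method, script, params

def summarize_php_queries(text):
    """Map each PHP script requested with a query string to its parameters.

    Result shape: {script: {param: [decoded values, in the order seen]}}
    """
    summary = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        parsed = parse_request_line(line)
        if parsed is None:
            continue
        _method, script, params = parsed
        if script.lower().endswith(".php") and params:
            for name, value in params:
                summary[script][name].append(value)
    return {script: dict(p) for script, p in summary.items()}

if __name__ == "__main__":
    for script, params in summarize_php_queries(SAMPLE_REQUESTS).items():
        for name, values in params.items():
            print(f"{script}  param={name}  values={values}")
```
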