Note: This is my personal website, and any views or opinions expressed on it are my own. Those views or opinions are not necessarily endorsed or supported by any police service I have been employed by: past, present or future.
I spent over 18 years in UK law enforcement, investigating numerous offences including fraud, domestic violence, terrorism, dark web and indecent images. In the latter part of my career, I provided cyber security advice to small and medium enterprise. I’m now a Senior Cyber Security Consultant in the private sector, and hold the ISACA Certified Information Security Manager (CISM) accreditation.
The majority of my technical knowledge is self-taught. My articles are not solely based on my cybersecurity qualifications, but on years of experience in responding when bad things happen to good people, helping them to pick up the pieces, figuring out the why and the how, trying to ensure that bad things don’t happen again and using what I’ve observed to try and stop the same bad things happening to other good people.
Thanks for dropping by.
Mr N00b0t
Hello Mrn00b0t,
I am doing the HTB Academy File Inclusion final skills assessment and I got the admin page:
IP:PORT/ilf_admin/index.php
but I don’t know how to proceed with cmd execution. The PHP shell does not work if I add the to the User Agent line in Burp.
Could you give me any hint or access to your page below?
https://mrnoobot.com/htb-academy-file-inclusion-directory-traversal-skill-assessment/
Thanks and regards,
Arpad
Hi Arpad, it’s a while since I did this challenge. I don’t want to give it away completely as I think you’re on the right track! Make sure you identify the injectable parameter correctly and then go back over the lessons. Is there something you can find out about the type of webserver and where it stores and processes certain information? Don’t waste effort attempting a shell – you’re looking for file disclosure (a flag) so stick to basic commands and explore the file system. I found this quite tough but I did get there in the end and I think you will too. Good luck!