HackTheBox Zipping

00:00 - Introduction
01:00 - Start of nmap
02:50 - Discovering a likely LFI in but cannot use filters, likely because there is a file_exists() check
05:30 - Playing with the File Upload functionality
08:40 - Talking about the PHAR wrapper in PHP, showing it will bypass the file_exists() check and we can go into the ZIP to bypass the .pdf check
10:55 - Uploading the phar archive, and getting RCE through the LFI and PHAR wrapper
16:40 - Showing the intended File Disclosure vulnerability, by uploading a zip with a symlink
18:00 - Creating a Python script to automate the file disclosure vulnerability, making it easier for us to download files
28:30 - Script completed, looking at the PHP code, then showing another unintended solution with a zip file and null byte
37:30 - Explaining what happened with the null byte
40:00 - Showing the intended solution with the null byte, talking about how we can bypass this regex with CRLF Injection due to lack of multi-line
48:00 - Dumping the