# Part. 1 - Uploads

**Category:** WEB - **Points:** 200 - **Solves:**\
**Description:**\
Find a way to control the server.\
This step is the result of a three-part challenge.\
*It is reset every 30min, so the platform may be unavailable for a few seconds.*\
Link : <https://web3.hackday.fr/>

**Solution:**\
To solve this challenge, we need to find a way to control the server and read the flag.\
To look for a "vulnerability", we can start by finding the open ports on the server.\
To do that, we use the Nmap tool with the `nmap 51.255.172.76` command. The results are displayed 1 minute later:\
![image](https://user-images.githubusercontent.com/91023285/163721173-388313d0-d388-43fa-aa75-9dc19d8492de.png)\
So there are 4 open ports that we can use.\
After some searching, I found a vulnerability (a misconfiguration) on the FTP port: it accepts *anonymous* logins.\
We can connect to the server's FTP port with the command `ftp 51.255.172.76` and the credentials `anonymous:anonymous`.\
Once connected, we can upload a [webshell](https://github.com/flozz/p0wny-shell) with the command `put shell.php`, which gives us direct access to all the files on the server.\
When the webshell is in place, we can use it to find the file that contains the flag.\
With just a simple `ls` command, we can see the *fLaG1.txt* file.

<details>

<summary>🚩 FLAG</summary>

```
  HACKDAY{159753iKGJHORSFGDHTAQS3215}
```

</details>
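
A detection-side view of the misconfiguration used above, as an added example that is not part of the original write-up: it scans FTP transfer logs for anonymous uploads of files a web server would execute. It assumes the server writes the standard xferlog format (the page does not say which FTP daemon or log format is in use); the extension list, function names and sample log lines are constructed for illustration.

```python
import os

# Extensions a web server commonly executes (assumed list; match it to your handlers).
EXECUTABLE_EXTS = {".php", ".phtml", ".php5", ".phar", ".jsp", ".aspx", ".cgi"}

def parse_xferlog(line):
    """Parse one xferlog-format line into a dict, or return None if malformed."""
    tok = line.split()
    if len(tok) < 18:  # 5 date tokens + 3 fields + filename + 9 trailing fields
        return None
    tail = tok[-9:]  # parse trailing fields from the end so filenames with spaces work
    return {
        "time": " ".join(tok[0:5]),
        "host": tok[6],
        "size": int(tok[7]) if tok[7].isdigit() else -1,
        "path": " ".join(tok[8:-9]),
        "direction": tail[2],  # i = upload, o = download, d = delete
        "access": tail[3],     # a = anonymous, g = guest, r = real user
        "user": tail[4],
        "complete": tail[8] == "c",
    }

def suspicious_uploads(lines):
    """Return records where an anonymous session uploaded a server-executable file."""
    findings = []
    for line in lines:
        rec = parse_xferlog(line)
        if rec is None:
            continue
        ext = os.path.splitext(rec["path"])[1].lower()
        if rec["direction"] == "i" and rec["access"] == "a" and ext in EXECUTABLE_EXTS:
            findings.append(rec)
    return findings

# Constructed sample log lines (documentation IP ranges, not data from the challenge).
SAMPLE = """\
Sat Apr 16 10:02:11 2022 1 192.0.2.10 18233 /var/www/html/shell.php b _ i a anonymous ftp 0 * c
Sat Apr 16 10:05:40 2022 1 192.0.2.22 512 /pub/readme.txt a _ o a anonymous ftp 0 * c
Sat Apr 16 10:09:03 2022 2 198.51.100.7 2048 /home/dev/index.php b _ i r dev ftp 0 * c
Sat Apr 16 10:11:59 2022 1 192.0.2.10 90 /var/www/html/my notes.PHP b _ i a ? ftp 0 * c
""".splitlines()

if __name__ == "__main__":
    for hit in suspicious_uploads(SAMPLE):
        print(f'{hit["time"]}  {hit["host"]}  anonymous upload: {hit["path"]}')
```

The durable fix is on the server side: disable anonymous login, or at least anonymous write access, and keep any FTP-writable directory outside the web root.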

