Roten

The iMoS is responsible for collecting and analyzing targeting data across various galaxies. The data is collected through their webserver, which is accessible to authorized personnel only. However, the iMoS suspects that their webserver has been compromised, and they are unable to locate the source of the breach. They suspect that some kind of shell has been uploaded, but they are unable to find it. The iMoS have provided you with some network data to analyse, its up to you to save us.

Wireshark

http.request.method == "POST"

1929    292.666144  146.70.38.48    172.31.9.156    HTTP    286 POST /map-update.php HTTP/1.1  (application/x-php)

Extract galacticmap.php

nano galacticmap.php

Change

eval( $bhrTeZXazQ )

to

echo $bhrTeZXazQ;

Run:

php galacticmap.php

##flag = HTB{W0w_ROt_A_DaY}

Nice.