GeorgeBanu
  • About me
  • Pentesting CheatSheets
    • Information Gathering
    • Ports Enumeration
      • FTP-21
      • SSH-22
      • Telnet-23
      • SMTP - 25,465,587
      • DNS-53
      • NetBIOS, SMB - 139,445
      • SNMP-161
      • MySQL-3306
      • RDP-3389
      • WinRM-5985
    • Web Cheat Sheet
    • Privilege Escalation
      • Linux Enumeration
      • Linux Privesc Techniques
    • Tricks
    • Template
  • TryHackMe Writeups
    • Starter
    • Dreaming
    • ColddBox: Easy
    • Ollie
    • Blog
    • KoTH Hackers
    • Brooklyn Nine Nine
    • Chill Hack
    • Undiscovered
    • Archangel
    • Jason
    • GLITCH
    • VulnNet: Node
    • Road
    • VulnNet:Internal
    • W1seGuy
  • CyberEDU Writeups
    • flag-is-hidden
    • file-crawler
    • reccon
    • this-file-hides-something
    • wifiland
    • old-tickets
    • inodat
    • pattern
    • ultra-crawl
  • eJPT
Powered by GitBook
On this page
  1. CyberEDU Writeups

file-crawler

Find the vulnerability and get the flag. The flag is located in a temporary folder.

Previousflag-is-hiddenNextreccon

Last updated 1 year ago

First of all visit the site and see how it looks like. This is a basic web page, and if you see the source code you will find the source path of image. I access the image and then I try some local file inclusion payloads to see the content of another file in the local machine.

Local File Inclusion(LFI) it is a common vulnerability that permits to see the content of a file on a local machine.

After some tries I received the flag using a filter bypass trick. In description said the flag is located in a temporary folder, so it might be /tmp/flag

http://34.159.187.220:32586/local?image_name=....//....//....//....//....//....//tmp/flag

Flag

CTF{0caec419d3ad1e1f052f06bae84d9106b77d166aae899c6dbe1355d10a4ba854}

Resources

https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/File%20Inclusion/README.md#file-inclusion
WSTG - v4.2 | OWASP Foundation
Logo