naivenom / insane

Insanity notes from CTF Challenges


Insanity notes

by naivenom PKTeam

| Vulnerability | Category |
| --- | --- |
| Local File Inclusion. Basic (1) | Web |

Web

Local File Inclusion

Open the URL. After a simple and quick directory brute-force we find a .git directory. We download the index file, http://18.191.227.167/.git/index, open it in a hex editor, and find an interesting folder/file:

http://18.191.227.167/crystalsfordays/traversethebridge.php The hint says: "Note2: I can't seem to remember the param. It's "file"". We use that file parameter and exploit it: this is an LFI (Local File Inclusion) vulnerability.


Starting from http://18.191.227.167/crystalsfordays/traversethebridge.php?file= we exploit the vulnerability by supplying a traversal path, so the URL becomes: http://18.191.227.167/crystalsfordays/traversethebridge.php?file=../../ We find many files, and the interesting one is TheEgg.html.

When we open that file, http://18.191.227.167/crystalsfordays/traversethebridge.php?file=../../TheEgg.html, we get the flag!
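From the defending side, both steps of this write-up (the fetch of /.git/index and the ../ sequences in the file parameter) are visible in the web server's access log. The following is an added example, not part of the original notes: it assumes the combined log format, the rule names are made up for illustration, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed access-log lines (combined log format); client IPs are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /.git/index HTTP/1.1" 200 1432 "-" "curl/8.0"
203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /crystalsfordays/traversethebridge.php?file=../../ HTTP/1.1" 200 812 "-" "curl/8.0"
203.0.113.7 - - [01/Jan/2024:10:00:15 +0000] "GET /crystalsfordays/traversethebridge.php?file=..%2F..%2FTheEgg.html HTTP/1.1" 200 95 "-" "curl/8.0"
198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /crystalsfordays/traversethebridge.php?file=bridge.txt HTTP/1.1" 200 40 "-" "Mozilla/5.0"
198.51.100.4 - - [01/Jan/2024:10:01:05 +0000] "GET /.git/HEAD HTTP/1.1" 404 162 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')
GIT_RE = re.compile(r'(^|/)\.git(/|$)')

def decode_all(value, rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are normalized."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(value):
    """True if any path segment is '..' (forward or backward slashes)."""
    return ".." in re.split(r'[/\\]', decode_all(value))

def scan(log_text):
    """Return (client_ip, rule, detail) tuples for suspicious requests."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        ip, target, status = m.groups()
        url = urlsplit(target)
        if GIT_RE.search(decode_all(url.path)):
            # A 2xx answer means repository metadata was actually served.
            rule = "git-metadata-served" if status.startswith("2") else "git-metadata-probe"
            findings.append((ip, rule, url.path))
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if has_traversal(value):
                findings.append((ip, "traversal-in-param", name))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A "git-metadata-served" hit is the one to act on first: the web server is handing out repository metadata, which is how the path to traversethebridge.php became known here.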


License:GNU General Public License v3.0