User audit: Difference between revisions
Created page with "===Description=== ===Question=== ===Solution=== ===Tools=== ===Flag=== ===Links=== * Back to CTF Challenges page" |
No edit summary |
||
| Line 1: | Line 1: | ||
===Description=== | ===Description=== | ||
Junior system administrator has a recurring task to do regular audit on users and administrators present on the server. | |||
He has created a web application to help him with the task. | |||
50pts | |||
===Question=== | ===Question=== | ||
Use the weakness in the web application to read a secret file at /var/backup/secret.txt | |||
===Solution=== | |||
When I opened the web page, I noticed that the links open txt files on the web page and the parameters are sent with the GET command. This is shown in the browser address bar. | |||
I immediately set off to see how the program would work if I used the ../ command to navigate the folder. After testing for a while, I found that with proper configuration, we can open the entire server file structure in this way. | |||
So I opened the secret.txt file by adding <code>../../../backup/secret.txt</code> to the address field | |||
This also gave me the ticket. | |||
===Tools=== | ===Tools=== | ||
* Firefox / Browser | |||
===Flag=== | ===Flag=== | ||
<code>ctftech{file-included}</code> | |||
===Links=== | ===Links=== | ||
*[[CTF Challenges | Back to CTF Challenges page]] | *[[CTF Challenges | Back to CTF Challenges page]] | ||
Revision as of 11:32, 30 September 2022
Description
Junior system administrator has a recurring task to do regular audit on users and administrators present on the server.
He has created a web application to help him with the task.
50pts
Question
Use the weakness in the web application to read a secret file at /var/backup/secret.txt
Solution
When I opened the web page, I noticed that the links open txt files on the web page and the parameters are sent with the GET command. This is shown in the browser address bar. I immediately set off to see how the program would work if I used the ../ command to navigate the folder. After testing for a while, I found that with proper configuration, we can open the entire server file structure in this way.
So I opened the secret.txt file by adding ../../../backup/secret.txt to the address field
This also gave me the ticket.
Tools
- Firefox / Browser
Flag
ctftech{file-included}
