User audit: Difference between revisions
[[File:User-audit-task.PNG|thumb|User audit task]]
[[File:User-audit-flag.PNG|thumb|User audit flag and url parameters]]
Latest revision as of 11:36, 30 September 2022
Description
A junior system administrator has a recurring task to regularly audit the users and administrators present on the server.
He has created a web application to help him with the task.
50pts
Question
Use the weakness in the web application to read a secret file at /var/backup/secret.txt.
Solution
When I opened the web page, I noticed that the links open txt files on the web page and the parameters are sent with the GET command. This is shown in the browser address bar.
I immediately set off to see how the program would work if I used the ../ command to navigate the folder. After testing for a while, I found that with the right formatting of the address parameter we can also open files outside the www folder from the server.
So I opened the secret.txt file by adding ../../../backup/secret.txt to the address field.
This also gave me the ticket.
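The weakness behind this solution, shown as an added example that is not the challenge's own code: a file parameter joined onto the served folder unchecked, next to a resolver that canonicalises the path and rejects anything outside that folder. The directory layout (www/html/files as the served folder), the function names and the file contents are assumptions constructed for the demonstration.

```python
import os
import tempfile

def naive_resolve(base_dir, name):
    # Vulnerable pattern: the request parameter is joined onto the base
    # directory unchecked, so "../" segments walk out of it.
    return os.path.normpath(os.path.join(base_dir, name))

def safe_resolve(base_dir, name):
    # Canonicalise first (collapses "../" and follows symlinks), then
    # require the result to still be inside the base directory.
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, target]) != base:
        raise PermissionError("path escapes base directory: %r" % name)
    return target

def read_file(base_dir, name):
    with open(safe_resolve(base_dir, name), encoding="utf-8") as fh:
        return fh.read()

def demo():
    # Constructed layout standing in for /var: www/html/files is the
    # assumed web-served folder, backup/ sits outside it.
    root = os.path.realpath(tempfile.mkdtemp())
    base = os.path.join(root, "www", "html", "files")
    os.makedirs(base)
    os.makedirs(os.path.join(root, "backup"))
    with open(os.path.join(base, "users.txt"), "w") as fh:
        fh.write("alice\nbob\n")
    with open(os.path.join(root, "backup", "secret.txt"), "w") as fh:
        fh.write("placeholder-secret\n")

    results = {"legit": read_file(base, "users.txt")}
    payload = "../../../backup/secret.txt"
    # The naive join lands on the backup file outside the web folder.
    results["naive_escapes"] = (
        naive_resolve(base, payload) == os.path.join(root, "backup", "secret.txt"))
    for label, name in (("traversal", payload), ("absolute", "/etc/passwd")):
        try:
            read_file(base, name)
            results[label] = "served"
        except PermissionError:
            results[label] = "blocked"
    return results

if __name__ == "__main__":
    print(demo())
```

The containment check runs on the canonical path rather than on the raw parameter, so it also covers absolute paths and symlinks that point outside the served folder.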
Tools
- Firefox / Browser
Flag
ctftech{file-included}