User audit

Junior system administrator has a recurring task to do regular audit on users and administrators present on the server.

He has created a web application to help him with the task.

50pts

Use the weakness in the web application to read a secret file at /var/backup/secret.txt

When I opened the web page, I noticed that the links open txt files on the web page and the parameters are sent with the GET command. This is shown in the browser address bar. I immediately set off to see how the program would work if I used the ../ command to navigate the folder. After testing for a while, I found that with proper configuration, we can open the entire server file structure in this way.

So I opened the secret.txt file by adding ../../../backup/secret.txt to the address field

This also gave me the ticket.

• Firefox / Browser

ctftech{file-included}

• Back to CTF Challenges page