User audit

From Pessin randon wiki
Revision as of 11:36, 30 September 2022 by Exf (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
User audit task
User audit flag and url parameters

Description

Junior system administrator has a recurring task to do regular audit on users and administrators present on the server.

He has created a web application to help him with the task.

50pts

Question

Use the weakness in the web application to read a secret file at /var/backup/secret.txt

Solution

When I opened the web page, I noticed that the links open txt files on the web page and the parameters are sent with the GET command. This is shown in the browser address bar.

I immediately set off to see how the program would work if I used the ../ command to navigate the folder. After testing for a while, I found that with the right formatting of the address parameter we can also open files outside the www folder from the server.

So I opened the secret.txt file by adding ../../../backup/secret.txt to the address field

This also gave me the ticket.

Tools

  • Firefox / Browser

Flag

ctftech{file-included}

Retrieved from "https://wiki.pessinurmi.com/index.php?title=User_audit&oldid=318"