Monday, January 27, 2014

HackIM Web 500

Given the address:, find a key.

Immediately we think that it's directory traversal given the page=X in the URL. We attempt various combinations of /etc/passwd, /flag.txt, /key.txt and so on. We look around for a little while and found

on the index.php page. So we try that e.g. ?page=etc/flag and still get an error. Maybe they're checking for single forward slashes? Seems weird but we'll try to double up on the slashes

Pretty easy for a 500 point challenge considering that many people had a ton of issues with the 100 (we never finished it).

Flag: 2f0f7c516d268843341b3d2577ca744a

No comments:

Post a Comment