bean

Challenge Information

Category: Web Security
Level: medium
Points: 50

description

Come back home Mr. Bean.

Solution

after access the lab we open it browser

okay let's go to brute-force directory using dirsearch

okay we have good findings , now open this link

well , Let’s try to using Path Traversal attack

pay load ⇒ http://wlemyw93xjyc7zr8r4gvmkxal3dmm73p4y52iqvq-web.cybertalentslabs.com/files/../../../../etc/passwd

bad thing it doesn't work and the good thing we now know the web server in nginx and know it's maybe vuln with alias_traversal what is alias dir ? okay The alias directive is used to replace path of the specified location. so by the we now try put two dots before the slash like ../,final path is example.com/name../,in our case it's files../, now we go to try it.

last thing to find the path of flag ,I searched for it a lot before. You can do that, but for now I will say the path directly. well path is /files../home/flag.txt

for more info about alias ⇒ https://github.com/yandex/gixy/blob/master/docs/en/plugins/aliastraversal.md

PreviousSearching for the cookie NextMaximum Courage

Last updated 8 months ago