
TryHackMe - Lo-Fi

Description of CTF Lo-Fi from TryHackMe

Want to hear some lo-fi beats, to relax or study to? We’ve got you covered! Navigate to the following URL using the AttackBox: http://MACHINE_IP and find the flag in the root of the filesystem.


Visiting the website provided, we are presented with the site's main page.

The description hints towards using path traversal and tells us that the file is in the root of the filesystem. On Linux this would be /.

By clicking any of the links and inspecting the network request, we see that there is a parameter that specifies a file: http://10.10.67.232/?page=relax.php. This opens the door to path traversal, as we can edit the parameter. Looking at the network request that is sent, we can also identify that the server is running Apache.

The default directory for web content is /var/www/html. Thus, if we include the traversal sequence ../../../flag.txt, we should be able to move up from the web directory to the root directory and access the flag file.
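Why three `../` segments are enough, and what a containment check on the server side looks like, as an added example that is not part of the original write-up or the room's code. It models path resolution in Python and assumes the handler joins the `page` parameter to the docroot unchecked; the function names and the `html_backup` sample are hypothetical.

```python
import posixpath
from typing import Optional

DOCROOT = "/var/www/html"  # Apache default content directory named in the write-up


def naive_resolve(page: str) -> str:
    """Assumed vulnerable behaviour: join ?page= to the docroot with no checks."""
    return posixpath.normpath(posixpath.join(DOCROOT, page))


def safe_resolve(page: str) -> Optional[str]:
    """Return the resolved path only when it stays inside DOCROOT, else None."""
    if "\x00" in page or page.startswith("/"):
        return None  # NUL bytes and absolute paths are never valid page names
    resolved = posixpath.normpath(posixpath.join(DOCROOT, page))
    if resolved == DOCROOT:
        return None  # the directory itself is not a page
    # Compare whole path components, so /var/www/html_backup does not pass
    # a naive startswith("/var/www/html") test.
    if posixpath.commonpath([DOCROOT, resolved]) != DOCROOT:
        return None
    # normpath is purely lexical; on a real server also resolve symlinks
    # (os.path.realpath) before the comparison.
    return resolved


if __name__ == "__main__":
    # Constructed sample values; the first two come from the write-up.
    for page in ["relax.php", "../../../flag.txt", "../html_backup/x.php", "/flag.txt"]:
        print(f"{page!r:26} naive={naive_resolve(page)!r:30} safe={safe_resolve(page)!r}")
```

Where the set of pages is fixed, an allow-list of known page names is a stricter control than path containment alone.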

This post is licensed under CC BY 4.0 by the author.