PicoCTF-2022 Writeup
Search…
PicoCTF-2022 Writeup
README
Binary Exploitation
buffer overflow 1
buffer overflow 2
buffer overflow 3
flag leak
function overwrite
ropfu
stack cache
x-sixty-what
Cryptography
basic-mod1
basic-mod2
diffie-hellman
morse-code
NSA Backdoor
Sequences
substitution
Sum-O-Primes
Very Smooth
Forensics
Operation Oni
Operation Orchid
SideChannel
St3g0
Torrent Analyze
Reverse Engineering
Bbbbloat
Keygenme
unpackme
Wizardlike
Web Exploitation
Forbidden Paths
noted
Roboto Sans
SQLiLite
Powered By GitBook
Forbidden Paths

Challenge

Can you get the flag? Here's the website. We know that the website files live in /usr/share/nginx/html/ and the flag is at /flag.txt but the website is filtering absolute file paths. Can you get past the filter to read the flag?

Solution

Use a relative path to get up to / and then access flag.txt: ../../../../flag.txt. We know to go up 4 directories because /usr/share/nginx/html/ is 4 subdirectories from /. Clicking "Read" displays the flag.

Flag

picoCTF{7h3_p47h_70_5ucc355_6db46514}
Reverse Engineering - Previous
Wizardlike
Next - Web Exploitation
noted
Last modified 4mo ago
Copy link
Edit on GitHub
Outline
Challenge
Solution
Flag