A Simple CTF Challenge that expects user to see Client Side Login Algorithm, Path Traversal and Command Injection.
Language Used = Python3
Modules/Packages used:
- os
- flask
Install the dependencies:
pip install -r requirements.txt
- Add Part 1 of the Flag in /etc/passwd (for Path Traversal)
echo part_1_of_the_flag >> /etc/passwd
- Add Part 2 of the Flag in Environment Variables (for Command Injection)
export flag_part_2="part_2_of_the_flag"
- After seeing Robot on Index page, we head to /robots.txt
- There are 2 Routes listed there
- /remote_file_access_login: Login Route
- /parts: Gives us hints where the parts of the Flags are stored
- After going to /remote_file_access_login, we find the login logic in the JavaScript Code. We get the following Credentials for login:
- User: kaptaan
- Password: main_daku_ek_number_da_han
- After Login, we see list of Files
- After selecting 1 file, we get to know that it sends a get request to /getFileContent with parameter file
- Here file is vulnerable to Path Traversal and Command Injection.
- We do Path Traversal to /etc/passwd to get the First Part of the Flag.
- We do Command Injection to get the Environment Variables, which gives us the second part of the Flag.