webmedium
Calculator
hackerlab
Task: Calculator web app with Go backend exposing /source endpoint. Solution: Discovered obfuscated 'file' parameter (byte array), exploited LFI to read /proc/self/environ and extract flag from environment variables.
$ ls tags/ techniques/
lfipath_traversalproc_filesystemenvironment_variablessource_code_analysislocal_file_inclusiongogolangbyte_array_obfuscation
Local File Inclusion via hidden parameterReading /proc/self/environ for environment variablesDecoding obfuscated Go byte arrays
🔒
Permission denied (requires tier.pro)
Sign in to access full writeups
Create a free account with GitHub, then upgrade to Pro.
$ssh [email protected]