webhard

Царь горы (King of the Hill)

hackerlab

Task: Flask web app with avatar endpoint and password change functionality. Solution: LFI via path traversal in avatar endpoint to read source code, then IDOR in update-password to change admin password and escalate privileges.

$ ls tags/ techniques/

flask lfi path_traversal source_code_disclosure idor privilege_escalation

path_traversalsource_code_analysislfi_proc_self_cwdidor_password_change

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

Create a free account with GitHub, then upgrade to Pro.

$ssh [email protected]