webProeasy

Путь к флагу

bug-makers

Task: static nginx site with a flag file protected by Basic Auth; .git directory exposed. Solution: dump git repo to find nginx config with alias off-by-slash misconfiguration, traverse via /images../fourth/flag.txt to bypass auth.

$ ls tags/ techniques/

path_traversal information_disclosure nginx off_by_slash alias_traversal git_exposure basic_auth_bypass

git_repository_dumpingnginx_alias_traversalauthentication_bypass_via_path_traversal

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[web][Pro]Протокол \"Затмение\" (Eclipse Protocol)— hackerlab
[web][Pro]Старый коммит (Old Commit)— bug-makers
[forensics][Pro]Украденный флаг (Stolen flag)— bug-makers
[web][Pro]DevOps 300k/s— hackerlab
[web][free]clankers-market— b01lersc