root💀bl4ck4non-sec:~#

Hack. Eat. Sleep. Repeat!!!


Directory Traversal 01


image

So, our task is to exploit the directory traversal vulnerability and get the key that solves the lab.

Navigate to the webpage,

image

Our first task will be to identify the path for directory traversal.

Checking the page source,

image

Let’s try to access that image.

image

Well, to test for directory traversal, we can start by trying to view the contents of /etc/passwd, using the file path ../../../../../../etc/passwd

image

Nice, we were able to read the /etc/passwd file.

Now, let’s retrieve the key from the file path /pentesterlab.key. So, we’ll have something like this: ../../../../../../pentesterlab.key

image

Submitting the key,

image

We have successfully completed this lab😎


Directory Traversal 02


image

So, our task is to exploit the directory traversal vulnerability and get the key that solves the lab.

Navigate to the webpage

image

Checking the source page,

image

Let’s try to view the image.

image

This application transmits the full file path via a request parameter and validates that the supplied path starts with the expected folder. So, to solve this, we’ll include the required base folder followed by suitable traversal sequences.

So, to view the contents of the /etc/passwd file, we’ll have something like this: /var/www/../../../../../../etc/passwd

image

Cool stuff, we were able to view the contents of the /etc/passwd file. Now let’s read the contents of the file /pentesterlab.key

image

Submitting the key,

image

We have successfully completed the exercise


Directory Traversal 03


image

So, our task is to exploit the directory traversal vulnerability and get the key that solves the lab.

Navigate to the webpage,

image

Checking the page source,

image

Click on that path to view its content.

image

Now, let’s try to read the /etc/passwd file. To do that, we’ll use a null byte (%00) to get rid of any suffix added by the server-side code.

So, we’ll have something like this: ../../../etc/passwd%00

image

Cool, it worked. Let’s go ahead and get the key that solves this lab for us.

To get the key: ../../../pentesterlab.key%00

image

Submitting the key,

image

We have successfully completed this exercise😎
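On the defensive side, one check closes all three labs: reject null bytes, resolve the path to its canonical form, and only then test that it is still inside the base folder. This is an added example, not the lab's code; `BASE` reuses the /var/www prefix seen in lab 02, and the function names, the `.png` suffix and `files/example.png` are assumptions made for illustration.

```python
import os

BASE = "/var/www"  # assumed web root, taken from the prefix shown in lab 02


def naive_prefix_check(requested: str) -> bool:
    """Lab 02's flaw: the raw string is compared before '..' is resolved."""
    return requested.startswith(BASE)


def safe_resolve(user_path: str, base: str = BASE, suffix: str = "") -> str:
    """Return the canonical path if it stays inside base, else raise ValueError."""
    # Lab 03: a decoded %00 truncates the path in C-level file APIs,
    # which silently drops any suffix the server appends.
    if "\x00" in user_path:
        raise ValueError("NUL byte in path")
    base_real = os.path.realpath(base)
    # Join, append the server-side suffix, then collapse '..' and symlinks.
    # An absolute user_path replaces the base in join(); the check below catches it.
    candidate = os.path.realpath(os.path.join(base_real, user_path + suffix))
    # Compare whole path components so /var/www-old cannot pass as /var/www.
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise ValueError("path escapes base directory")
    return candidate


def is_allowed(user_path: str, **kwargs) -> bool:
    """Boolean wrapper around safe_resolve for use in request handlers."""
    try:
        safe_resolve(user_path, **kwargs)
        return True
    except ValueError:
        return False
```
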

That will be all for today
