
Path Traversal

Challenge. Updated on 7 Feb 2026. Free access. Solution available.

Start the machine, hack the system and find the hidden flags to complete this challenge and earn points!

1 flag, 5 points, 72% success rate
This solution is for Flags Mode.

This guide explains how to hack the lab and capture the flags. For help with the Learning Mode questions, use the Ask for a Hint button next to each question.


Path Traversal - Complete Solution Walkthrough

Step 1: Understand the Vulnerability

  1. The challenge runs a vulnerable CGI script that allows file access
  2. The script takes a file parameter without proper validation
  3. Path traversal sequences like ../ are not filtered
  4. This allows access to files outside the web root directory

Step 2: Identify the Attack Vector

  1. Access the web server at the target URL
  2. Navigate to the File Viewer: /vulnerable.cgi
  3. The vulnerable endpoint is: /vulnerable.cgi?file=
  4. This CGI script allows file access without proper validation

Step 3: Craft the Path Traversal Payload

  1. Use the following payload: ?file=../../../../flag.txt
  2. The script concatenates the file parameter to: /usr/local/apache2/htdocs/
  3. This results in: /usr/local/apache2/htdocs/../../../../flag.txt
  4. After the four ../ components are collapsed, this resolves to /flag.txt in the container root, four directory levels above the web root

Step 4: Execute the Attack

  1. Send a request to: http://target/vulnerable.cgi?file=../../../../flag.txt
  2. The CGI script neither normalises nor rejects the traversal sequence and opens the resolved path as-is
  3. This reads the flag file, which lives outside the web root
  4. The flag is: 7a9b8c1d-2e3f-4a5b-6c7d-8e9f0a1b2c3d

Step 5: Alternative Exploitation Methods

  1. Try different path traversal sequences: ../../../flag.txt, ../../flag.txt
  2. URL-encode the payload: %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2f%2e%2f%2e%2f%2e%2fflag.txt (this decodes to ../../../../././././flag.txt, which normalises to the same /flag.txt)
  3. Explore other files: ?file=../../../../etc/passwd
  4. Test different directory levels to find the correct path

Security Implications

  • Input Validation: Always validate and sanitize file paths, especially in CGI scripts.
  • Path Traversal: A common vulnerability class that allows unauthorized file access.
  • CGI Security: CGI scripts must be carefully secured to prevent exploitation.
  • File Access Control: Implement proper access controls to prevent unauthorized file reading.
  • Defense in Depth: Use multiple layers of security to prevent path traversal attacks.
  • Code Review: Regular security audits can catch such vulnerabilities before deployment.
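Added example, not part of the lab or of its CGI script: a Python model of the blind concatenation described in Step 3 beside a hardened resolver that implements the input-validation point above, run over the payloads quoted in Steps 3 and 5. WEB_ROOT is the document root the walkthrough names; the NUL-byte check and the is_traversal_attempt helper are my additions.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Document root named in the walkthrough (Apache httpd's default htdocs).
WEB_ROOT = "/usr/local/apache2/htdocs"


def naive_resolve(file_param: str) -> str:
    """Model of the vulnerable script: decode the ``file`` parameter and
    glue it onto the web root with no check on where it ends up. normpath
    mimics how the kernel collapses the ../ and ./ components."""
    return posixpath.normpath(WEB_ROOT + "/" + unquote(file_param))


def safe_resolve(file_param: str) -> Optional[str]:
    """Hardened resolver: decode, normalise, then require the result to stay
    under WEB_ROOT. Returns None for any request that escapes the root.
    Production code should also resolve symlinks (os.path.realpath); plain
    normpath is used here so the example runs without the files existing."""
    decoded = unquote(file_param)
    if "\x00" in decoded:            # NUL bytes can truncate paths in C CGIs
        return None
    candidate = posixpath.normpath(posixpath.join(WEB_ROOT, decoded))
    # commonpath (not startswith) also rejects siblings such as htdocs-old/
    if posixpath.commonpath([WEB_ROOT, candidate]) != WEB_ROOT:
        return None
    return candidate


def is_traversal_attempt(file_param: str) -> bool:
    """Detection helper for access logs: True when the decoded parameter
    would leave the web root, whatever encoding or ./ padding was used."""
    return safe_resolve(file_param) is None


# Payloads quoted in the walkthrough (Steps 3 and 5) plus one benign request.
PAYLOADS = [
    "index.html",
    "../../../../flag.txt",
    "%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2f%2e%2f%2e%2f%2e%2fflag.txt",
    "../../../../etc/passwd",
]

if __name__ == "__main__":
    for p in PAYLOADS:
        print(f"{p!r:72} vulnerable -> {naive_resolve(p)}  "
              f"hardened -> {safe_resolve(p) or 'REJECTED'}")
```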
