Lab Icon

Path Traversal

Challenge 09 Dec 2025 Free Access Solution Available

Start the machine, hack the system, and find the hidden flags to complete this challenge and earn points!

1
Flags
5
Points
73%
Success Rate
Start Your Challenge

Launch your dedicated machine to begin hacking

~1-2 min setup
Dedicated server
Private instance
Industry standard
This solution is for Flags Mode

This walkthrough explains how to hack the lab and capture the flags. For help with Learning Mode questions, use the Request Hint button next to each question.

Challenge

Path Traversal - Complete Solution Walkthrough

Step 1: Understand the Vulnerability

  1. The challenge runs a vulnerable CGI script that allows file access
  2. The script takes a file parameter without proper validation
  3. Path traversal sequences like ../ are not filtered
  4. This allows access to files outside the web root directory

Step 2: Identify the Attack Vector

  1. Access the web server at the target URL
  2. Navigate to the File Viewer: /vulnerable.cgi
  3. The vulnerable endpoint is: /vulnerable.cgi?file=
  4. This CGI script allows file access without proper validation

Step 3: Craft the Path Traversal Payload

  1. Use the following payload: ?file=../../../../flag.txt
  2. The script concatenates the file parameter to: /usr/local/apache2/htdocs/
  3. This results in: /usr/local/apache2/htdocs/../../../../flag.txt
  4. Which resolves to: /flag.txt in the container root

Step 4: Execute the Attack

  1. Send a request to: http://target/vulnerable.cgi?file=../../../../flag.txt
  2. The CGI script will process the path traversal
  3. This will access the flag file outside the web root
  4. The flag is: 7a9b8c1d-2e3f-4a5b-6c7d-8e9f0a1b2c3d

Step 5: Alternative Exploitation Methods

  1. Try different path traversal sequences: ../../../flag.txt, ../../flag.txt
  2. URL encode the payload: %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2f%2e%2f%2e%2f%2e%2fflag.txt
  3. Explore other files: ?file=../../../../etc/passwd
  4. Test different directory levels to find the correct path

Security Implications

  • Input Validation: Always validate and sanitize file paths, especially in CGI scripts.
  • Path Traversal: Common vulnerability that allows unauthorized file access.
  • CGI Security: CGI scripts must be carefully secured to prevent exploitation.
  • File Access Control: Implement proper access controls to prevent unauthorized file reading.
  • Defense in Depth: Use multiple layers of security to prevent path traversal attacks.
  • Code Review: Regular security audits can catch such vulnerabilities before deployment.