Path traversal (also known as directory traversal) is a web application vulnerability that allows attackers to access files and directories outside the intended web root. By manipulating file path references in application parameters, attackers can traverse the directory structure using sequences like ../ to reach sensitive system files, application source code, and configuration data that should never be accessible through the web interface.
Web applications that serve files based on user-supplied input are susceptible to path traversal when they fail to validate the file path before using it. For example, an application that loads pages using a URL parameter like ?page=about.html might be exploited by changing it to ?page=../../../etc/passwd. Each ../ sequence moves up one directory level when the operating system resolves the path, so enough of them escape the web root and reach arbitrary files the web server process can read. Variations that bypass naive substring filters include URL encoding (%2e%2e%2f for ../), double encoding (%252e%252e%252f, which survives one round of decoding as %2e%2e%2f), and null byte injection (%00), which truncates the path in languages that hand it to a C-style string API, so that an appended extension such as .html is silently dropped. The reliable check is on the path after decoding and canonicalisation, not on the raw parameter.
A particularly impactful variant of path traversal involves accessing exposed Git repositories on web servers. When developers deploy applications without removing the .git directory, attackers can reconstruct the source code by downloading the loose objects under .git/objects (and any pack files listed in .git/objects/pack). This exposes not only current source code but also historical commits that may contain removed credentials, API keys, and internal documentation. A quick check is to request /.git/HEAD; a response beginning with ref: refs/heads/ confirms the directory is being served. Tools like git-dumper automate the process of extracting and reconstructing Git repositories from exposed web servers, including the case where directory listing is disabled and objects must be found by following references from HEAD.
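The reconstruction described above can be done by hand with nothing but zlib and SHA-1, which is what git-dumper automates. The following is an added example, not code from the original page or from git-dumper: it builds a tiny constructed repository in memory (one commit, two trees, two blobs), serves it from a dictionary that stands in for HTTP GET requests against the exposed site, and then walks HEAD -> ref -> commit -> tree -> blob to recover every file. The repository contents, the dictionary-based fetch, and the function names are all assumptions for the example.

```python
import hashlib
import zlib


def git_object(kind: str, body: bytes) -> tuple[str, bytes]:
    """Return (object id, zlib-compressed object) exactly as Git stores it."""
    raw = f"{kind} {len(body)}".encode() + b"\0" + body
    return hashlib.sha1(raw).hexdigest(), zlib.compress(raw)


# Constructed repository: config.env at the root, src/app.py in a subtree.
cfg_oid, cfg_z = git_object("blob", b"DB_PASSWORD=hunter2\n")
app_oid, app_z = git_object("blob", b"print('hello')\n")
src_oid, src_z = git_object("tree", b"100644 app.py\0" + bytes.fromhex(app_oid))
root_oid, root_z = git_object(
    "tree",
    b"100644 config.env\0" + bytes.fromhex(cfg_oid)
    + b"40000 src\0" + bytes.fromhex(src_oid),
)
commit_oid, commit_z = git_object(
    "commit",
    (f"tree {root_oid}\n"
     "author dev <dev@example.com> 1700000000 +0000\n"
     "committer dev <dev@example.com> 1700000000 +0000\n"
     "\nadd config\n").encode(),
)

# Stand-in for the exposed web server: URL path -> response body.
EXPOSED_SITE = {
    ".git/HEAD": b"ref: refs/heads/main\n",
    ".git/refs/heads/main": (commit_oid + "\n").encode(),
}
for oid, blob in [(cfg_oid, cfg_z), (app_oid, app_z), (src_oid, src_z),
                  (root_oid, root_z), (commit_oid, commit_z)]:
    EXPOSED_SITE[f".git/objects/{oid[:2]}/{oid[2:]}"] = blob


def fetch(path: str) -> bytes:
    """Stands in for an HTTP GET of https://target/<path> (assumption)."""
    return EXPOSED_SITE[path]


def read_object(oid: str) -> tuple[str, bytes]:
    """Download a loose object, inflate it, and split the 'kind size\\0' header."""
    raw = zlib.decompress(fetch(f".git/objects/{oid[:2]}/{oid[2:]}"))
    header, _, body = raw.partition(b"\0")
    kind, size = header.decode().split(" ")
    if int(size) != len(body) or hashlib.sha1(raw).hexdigest() != oid:
        raise ValueError(f"corrupt object {oid}")
    return kind, body


def parse_tree(body: bytes) -> list[tuple[str, str, str]]:
    """Tree entries are '<mode> <name>\\0<20 raw sha bytes>' back to back."""
    entries, i = [], 0
    while i < len(body):
        nul = body.index(b"\0", i)
        mode, name = body[i:nul].decode().split(" ", 1)
        entries.append((mode, name, body[nul + 1:nul + 21].hex()))
        i = nul + 21
    return entries


def dump_repo() -> dict[str, bytes]:
    """Follow HEAD to the current commit and recover every file in its tree."""
    head = fetch(".git/HEAD").decode().strip()
    commit = fetch(".git/" + head[5:]).decode().strip() if head.startswith("ref: ") else head
    kind, body = read_object(commit)
    if kind != "commit":
        raise ValueError("HEAD does not point at a commit")
    tree_oid = body.split(b"\n", 1)[0].split(b" ")[1].decode()
    files: dict[str, bytes] = {}

    def walk(oid: str, prefix: str) -> None:
        _, tree_body = read_object(oid)
        for mode, name, child in parse_tree(tree_body):
            if mode == "40000":            # subdirectory
                walk(child, prefix + name + "/")
            else:                          # regular file or symlink blob
                files[prefix + name] = read_object(child)[1]

    walk(tree_oid, "")
    return files


if __name__ == "__main__":
    for path, content in dump_repo().items():
        print(path, content)
```

Only loose objects are handled here; a real dump also has to read .git/packed-refs and unpack any .pack files under .git/objects/pack, and it would walk the parent field of each commit to reach the historical versions where removed secrets usually live.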
Defending against path traversal attacks requires multiple layers of protection. Rejecting traversal sequences in the raw input is a useful first filter but is not sufficient on its own, because encoded variants are decoded later. Applications should use an allowlist of permitted files where possible, and in every case resolve the canonical path (after URL decoding, with symlinks followed) and verify it still lies within the intended directory before opening it. Server configuration should restrict the web server's access to only necessary directories, and sensitive files like .git directories should be excluded from deployment or blocked at the web server level. Regular security scanning helps identify exposed files and directories before attackers discover them.
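To show why the filter-only approach fails and what the canonical-path check buys, here is an added example (not code from the original page) with a weak page loader beside a hardened one. It is an assumption of the example that the web root is /var/www/html, that the framework URL-decodes the parameter once after the filter runs, and that the allowlist holds the three page names shown; the path arithmetic uses posixpath.normpath so the code runs offline, whereas a production check should use os.path.realpath on the live filesystem so that symlinks are resolved too.

```python
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/var/www/html"                                    # assumed web root
ALLOWED_PAGES = {"about.html", "contact.html", "index.html"}  # assumed allowlist


def resolve_vulnerable(page: str) -> str:
    """The weak loader: substring check on the raw parameter, then decode and join.

    Because decoding happens after the check, %2e%2e%2f and ..%2f pass the
    filter and still turn into ../ before the path is built.
    """
    if "../" in page:
        raise ValueError("traversal sequence rejected")
    decoded = unquote(page)
    # Models a C-style open() that stops at the first NUL, so "%00.html"
    # drops the appended extension.
    decoded = decoded.split("\0", 1)[0]
    return posixpath.normpath(posixpath.join(WEB_ROOT, decoded))


def resolve_safe(page: str) -> str:
    """The hardened loader: decode first, then allowlist, then canonical-path check."""
    decoded = unquote(page)
    # Anything still percent-encoded after one decode is a double-encoding
    # attempt; NUL can never be part of a legitimate page name.
    if "%" in decoded or "\0" in decoded:
        raise ValueError("encoded or NUL characters not allowed")
    if decoded not in ALLOWED_PAGES:
        raise ValueError("page not in allowlist")
    candidate = posixpath.normpath(posixpath.join(WEB_ROOT, decoded))
    # Defence in depth: even if the allowlist is later widened to a glob,
    # the resolved path must stay strictly below the web root.
    if not candidate.startswith(WEB_ROOT + "/"):
        raise ValueError("resolved path escapes web root")
    return candidate


def rejected(resolver, page: str) -> bool:
    """True if the resolver refuses the page (used for the comparison table)."""
    try:
        resolver(page)
        return False
    except ValueError:
        return True


# Constructed attack inputs, each a variant named in the text above.
PAYLOADS = [
    "about.html",
    "../../../etc/passwd",
    "%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd",
    "..%2f..%2f..%2fetc%2fpasswd",
    "%252e%252e%252fetc%252fpasswd",
    "%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd%00.html",
]

if __name__ == "__main__":
    for p in PAYLOADS:
        weak = "blocked" if rejected(resolve_vulnerable, p) else resolve_vulnerable(p)
        safe = "blocked" if rejected(resolve_safe, p) else resolve_safe(p)
        print(f"{p:50} weak -> {weak:25} safe -> {safe}")
```

The double-encoded payload is the one case the weak loader happens to survive here, only because a single unquote leaves %2e in the string; a server that decodes twice, or a second decoding layer in the application, turns it into a working traversal, which is why the hardened version refuses any residual percent sign instead of trying to decode until stable.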