Ícone do Lab

Path Traversal

Desafio Atualizado em 07 fev. 2026 Acesso Gratuito Solução Disponível

Inicie a máquina, hackeie o sistema e encontre as flags escondidas para completar este desafio e ganhar pontos!

1
Flags
5
Pontos
72%
Taxa de Sucesso
Comece Seu Desafio

Inicie sua máquina dedicada para começar a hackear

~1-2 min de configuração
Servidor dedicado
Instância privada
Padrão da indústria
Esta solução é para o Modo Flags

Este guia explica como hackear o lab e capturar as flags. Para ajuda com as perguntas do Modo de Aprendizado, use o botão Solicitar Dica ao lado de cada pergunta.

Desafio

Path Traversal - Complete Solution Walkthrough

Step 1: Understand the Vulnerability

  1. The challenge runs a vulnerable CGI script that allows file access
  2. The script takes a file parameter without proper validation
  3. Path traversal sequences like ../ are not filtered
  4. This allows access to files outside the web root directory

Step 2: Identify the Attack Vector

  1. Access the web server at the target URL
  2. Navigate to the File Viewer: /vulnerable.cgi
  3. The vulnerable endpoint is: /vulnerable.cgi?file=
  4. This CGI script allows file access without proper validation

Step 3: Craft the Path Traversal Payload

  1. Use the following payload: ?file=../../../../flag.txt
  2. The script concatenates the file parameter to: /usr/local/apache2/htdocs/
  3. This results in: /usr/local/apache2/htdocs/../../../../flag.txt
  4. Which resolves to: /flag.txt in the container root

Step 4: Execute the Attack

  1. Send a request to: http://target/vulnerable.cgi?file=../../../../flag.txt
  2. The CGI script will process the path traversal
  3. This will access the flag file outside the web root
  4. The flag is: 7a9b8c1d-2e3f-4a5b-6c7d-8e9f0a1b2c3d

Step 5: Alternative Exploitation Methods

  1. Try different path traversal sequences: ../../../flag.txt, ../../flag.txt
  2. URL encode the payload: %2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2f%2e%2f%2e%2f%2e%2fflag.txt
  3. Explore other files: ?file=../../../../etc/passwd
  4. Test different directory levels to find the correct path

Security Implications

  • Input Validation: Always validate and sanitize file paths, especially in CGI scripts.
  • Path Traversal: Common vulnerability that allows unauthorized file access.
  • CGI Security: CGI scripts must be carefully secured to prevent exploitation.
  • File Access Control: Implement proper access controls to prevent unauthorized file reading.
  • Defense in Depth: Use multiple layers of security to prevent path traversal attacks.
  • Code Review: Regular security audits can catch such vulnerabilities before deployment.

Pronto para hackear este lab?

Crie uma conta gratuita para iniciar seu próprio servidor dedicado, enviar flags e ganhar pontos no ranking.

Começar a Hackear Grátis
Junte-se a 5.000+ hackers aprendendo cibersegurança com labs práticos. Criar Conta