Training Target: This system uses path-based access controls that may be vulnerable to traversal attacks.
Current Directory Path
Requested: /files/../../admin
Resolved: /files/admin
Administrative File Directory
Administrative Directory Access Granted
/files/admin/ contents:
system_config.json   [CONFIDENTIAL]   System configuration and API keys
backup_scripts.sh    [RESTRICTED]     Automated backup and recovery scripts
master_keys.txt      [TOP SECRET]     Administrative access credentials
Administrative File Contents
master_keys.txt:
FLAG{p4th_tr4v3rs4l_h4ck_2024}
System Information:
- Root access token: root_2024_secure
- DB admin pass: db_master_key_789
- API endpoint: /api/v1/admin/emergency
- Backup server: backup.corp.internal
Hunter Objective:
- The system uses path-based access control that may be bypassable
- Try manipulating the path parameter in the URL
- Look for directory traversal patterns: ../, ..\
- Test different path variations to access restricted directories
- Find the admin directory and extract sensitive files
Test Different File Paths:
Path Sanitization Info
Current Filter: The system attempts to remove ../ and ..\ patterns from the requested path. The removal is a single, non-recursive pass over the string, so it only catches patterns that are present verbatim in the input.
Bypass Tip: Try nested patterns like ....// (one pass strips the inner ../ and what remains is a fresh ../ that is never filtered again) or alternative approaches like direct admin path access.
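The filter above, modelled in code. This is an added example and not code from the Let's Jam platform; it assumes (the page does not say) that the web root is /files, that the restricted directory is /files/admin, and that the vulnerable access check is a string-prefix match on the raw request made before the filter runs. All function names are hypothetical. It shows why a single-pass str.replace() turns ....// into ../, reproduces the page's Requested/Resolved pair, and contrasts it with a handler that canonicalises first and only then authorises.

```python
"""Single-pass traversal filter vs. canonicalise-then-authorise.

Added example, not code from the Let's Jam platform. Assumptions (not from
the page): the web root is /files, the restricted directory is /files/admin,
and the vulnerable access check is a string-prefix match on the raw request.
posixpath is used throughout so the results are the same on every OS.
"""
import posixpath
from typing import Tuple

WEB_ROOT = "/files"          # assumed web root
RESTRICTED = "/files/admin"  # assumed restricted directory


def naive_sanitize(path: str) -> str:
    """Filter of the kind the page describes: remove '../' and '..\\' patterns.

    str.replace() scans once, left to right, so '....//' loses its inner
    '../' and collapses to '../': exactly the pattern the filter meant to drop.
    """
    return path.replace("../", "").replace("..\\", "")


def vulnerable_resolve(requested: str) -> Tuple[str, bool]:
    """Authorise on the raw request string, then filter and normalise.

    Returns (resolved_path, allowed). The ordering is the bug: the ACL sees
    the request as typed, the filesystem sees the normalised result.
    """
    allowed = not requested.startswith(RESTRICTED)
    resolved = posixpath.normpath(naive_sanitize(requested))
    return resolved, allowed


def hardened_resolve(requested: str) -> Tuple[str, bool]:
    """Canonicalise first, then authorise on the canonical path.

    Backslashes are folded to '/' before normalisation so '..\\' cannot hide
    from posixpath.normpath, and nothing is stripped: a request that escapes
    WEB_ROOT or lands inside RESTRICTED is simply denied. A name like '....'
    is treated as an ordinary directory, so a nested pattern stays under the
    root and merely fails to exist.
    """
    candidate = posixpath.normpath("/" + requested.replace("\\", "/").lstrip("/"))
    inside_root = candidate == WEB_ROOT or candidate.startswith(WEB_ROOT + "/")
    in_restricted = candidate == RESTRICTED or candidate.startswith(RESTRICTED + "/")
    return candidate, inside_root and not in_restricted


if __name__ == "__main__":
    # Constructed requests: the page's own traversal, a direct hit on the
    # restricted directory, a nested '....//' bypass, a backslash variant
    # and a legitimate request.
    for req in ("/files/../../admin",
                "/files/admin/master_keys.txt",
                "/files/....//files/admin/master_keys.txt",
                "/files/..\\..\\admin/master_keys.txt",
                "/files/public/readme.txt"):
        print(f"{req!r:48} vulnerable={vulnerable_resolve(req)} "
              f"hardened={hardened_resolve(req)}")
```

Running the module shows the page's pair (/files/../../admin granted and resolved to /files/admin) coming out of vulnerable_resolve, while the nested and backslash requests also land in /files/admin with allowed=True. hardened_resolve denies all three because the check runs on the canonical path, and it needs no pattern list at all, which is the property to aim for: never try to strip traversal sequences, resolve the path and compare it against the allowed root.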
Path traversal IDOR vulnerability | Let's Jam Training Platform