RESTful swap

Description

RESTful swap | 100 points | By Mudasir

I made this server that lets you read my files, except my private ones. Anything with these file extensions is not allowed: 'py', 'php', 'java', 'md', 'sh'. I'm working on adding the flag to the server, but you can still take a look around until then.

Web servers: challs.bcactf.com:31452

Analysis

Website is serving simple files.

server.py - Can't open that
.vimrc - Vim configuration (nothing interesting)
- Must be using vim as text editor.
hello world - Junk file

Hint in html

<li style="display:none">Hidden files not shown</li>

Solution

Ok, if admin is using vim as editor there must be a swap file

➜ wget http://challs.bcactf.com:31452/.server.py.swp

➜ strings -d -n 10 C:\Users\pvpga\Downloads\server.py.swp
...
flag = 'h!dDen_f!le$$!!_3bh5j7'
...

Flag: bcactf{h!dDen_f!le$$!!_3bh5j7}

PreviousPostfix Calculator NextToo Fast

Last updated 8 months ago

hashtagDescription

hashtagAnalysis

hashtagSolution

Description

Analysis

Solution