🌐 Looking for Password File

A detailed write-up of the Web challenge 'Looking for Password File' from RingZer0 CTF

Figure: Challenge Presentation (/images/RingZer0CTF/LookingForPasswordFile/challenge_presentation.png)

📊 Challenge Overview

| Category | Details | Additional Info |
|---|---|---|
| 🏆 Event | RingZer0 CTF | Event Link |
| 🔰 Category | Web 🌐 | |
| 💎 Points | 1 | Out of 1 total |
| ⭐ Difficulty | 🟢 Easy | Personal Rating: 1/10 |
| 👤 Author | Mr.Un1k0d3r | Profile |
| 🎮 Solves (At the time of flag submission) | 4.964 | solve rate |
| 📅 Date | 06-03-2025 | RingZer0 CTF |
| 🦾 Solved By | mH4ck3r0n3 | Team: |

🎯 Challenge Files & Infrastructure

Provided Files

Files: None

🔍 Initial Analysis

First Steps

Initially, the website appears as follows:

Figure: Site Presentation (/images/RingZer0CTF/LookingForPasswordFile/site_presentation.png)

Clicking on the Go to this challenge button, I was redirected to the following page:

Figure: Challenge Page (/images/RingZer0CTF/LookingForPasswordFile/challenge_site.png)

As the URL http://challenges.ringzer0ctf.com:10075/?page=lorem.php suggests, the page parameter is most likely passed straight to a file include, so changing it should give us an LFI. Since the challenge is titled “Looking For Password File”, I assume the goal is to read /etc/passwd (the password file). Let’s move on to the exploitation phase.

🔬 Vulnerability Analysis

Potential Vulnerabilities

  • LFI (Local File Inclusion)

🎯 Solution Path

Exploitation Steps

Exploitation

As expected, exploitation is simply a matter of replacing the page parameter’s value with /etc/passwd, giving the URL http://challenges.ringzer0ctf.com:10075/?page=/etc/passwd. Visiting it displays the contents of /etc/passwd, and the flag is inside the file.

Flag capture

Figure: Manual Flag (/images/RingZer0CTF/LookingForPasswordFile/manual_flag.png)

🛠️ Exploitation Process

Approach

The automated exploit sends a GET request to http://challenges.ringzer0ctf.com:10075/?page=/etc/passwd, i.e. with the parameter page=/etc/passwd, and extracts the flag from the response body.
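The root cause here is a page parameter used directly as a file path (presumably something like include($_GET['page']), which the write-up does not show). As an added example, not the author's exploit script, the Python below shows the hardened equivalent, an allowlist lookup that never treats the parameter as a path, together with a detector for the same request pattern run over constructed access-log lines; the allowlist contents and log lines are assumptions.

```python
import re
from typing import Optional
from urllib.parse import urlsplit, parse_qs, unquote

# Assumed allowlist of includable pages; lorem.php is the only page
# visible in the write-up, the rest is constructed.
ALLOWED_PAGES = {"lorem": "lorem.php", "about": "about.php"}

def resolve_page(page_param: str) -> Optional[str]:
    """Hardened replacement for include($_GET['page']): the untrusted value
    is only ever a dictionary key, never a filesystem path."""
    name = page_param.removesuffix(".php")
    return ALLOWED_PAGES.get(name)   # None for /etc/passwd, ../x, scheme://x

# Shapes a page= value takes when it is being used as a file path
LFI_PATTERNS = [
    re.compile(r"^/"),                       # absolute path, e.g. /etc/passwd
    re.compile(r"(^|[/\\])\.\.([/\\]|$)"),   # directory traversal (..)
    re.compile(r"^[a-z]+://", re.I),         # URL scheme / stream wrapper
    re.compile(r"\x00|%00"),                 # null-byte truncation
]

def is_lfi_attempt(page_value: str) -> bool:
    decoded = unquote(page_value)            # catch %2F-style encoding
    return any(p.search(decoded) for p in LFI_PATTERNS)

LOG_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def flag_lfi_requests(log_lines):
    """Return (request path, status) for requests whose page= value looks
    like a path injection; a 200 on such a request is the one to escalate."""
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        path, status = m.group(1), int(m.group(2))
        for value in parse_qs(urlsplit(path).query).get("page", []):
            if is_lfi_attempt(value):
                hits.append((path, status))
    return hits

# Constructed common-log-format lines (not taken from the challenge host)
SAMPLE_LOG = [
    '203.0.113.5 - - [06/Mar/2025:10:00:01 +0000] "GET /?page=lorem.php HTTP/1.1" 200 512',
    '203.0.113.5 - - [06/Mar/2025:10:00:07 +0000] "GET /?page=/etc/passwd HTTP/1.1" 200 1843',
    '203.0.113.9 - - [06/Mar/2025:10:00:09 +0000] "GET /?page=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1843',
]
```

With the allowlist in place the challenge request resolves to None and the dispatcher should return a 404 instead of the file; the detector reports the second and third sample lines.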

🚩 Flag Capture

Flag

Proof of Execution

Figure: Automated Flag, screenshot of successful exploitation (/images/RingZer0CTF/LookingForPasswordFile/automated_flag.png)

🔧 Tools Used

| Tool | Purpose |
|---|---|
| Python | Exploit |

💡 Key Learnings

Skills Improved

  • Binary Exploitation
  • Reverse Engineering
  • Web Exploitation
  • Cryptography
  • Forensics
  • OSINT
  • Miscellaneous

📚 References & Resources

Learning Resources


📊 Final Statistics

| Metric | Value | Notes |
|---|---|---|
| Time to Solve | 00:02 | From start to flag |
| Global Ranking (At the time of flag submission) | 16403 / 51297 | Challenge ranking |
| Points Earned | 1 | Team contribution |

Created: 06-03-2025 • Last Modified: 06-03-2025 • Author: mH4ck3r0n3 • Team: