URL: https://tryhackme.com/room/lofi

Title: Lo-Fi
Rating: Easy

Recon

Nmap shows two open ports, 22 (SSH) and 80 (HTTP); nothing else of interest.

Visiting the web server, it is an Apache server with links to YouTube videos.

The search function does not do anything, but the links on the right open a particular page depending on the type of music.

So we have relax.php, chill.php, vibe.php, etc. It looks like the server simply locates these files in the web root and includes them based on the requested name.

Try a basic Directory Traversal:

That's an easy hit!

Let's find the flag now. Even this was too easy, but it shows how a small misconfiguration can have a high impact by revealing internal files.
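As an added example (not part of the original writeup or the room's own code), the include behaviour described above modelled in Python: the naive resolver that concatenates the requested page onto the web root, beside a hardened one that allowlists the page name and confirms the resolved path stays under the web root. The directory layout, page contents and the file outside the root are constructed for the demonstration.

```python
import os
import tempfile

# The page names the site actually serves (constructed allowlist).
ALLOWED_PAGES = {"relax.php", "chill.php", "vibe.php"}


def make_demo_tree():
    """Build a throwaway web root holding the music pages, plus a file one
    level above it that a traversal would expose (all constructed)."""
    base = tempfile.mkdtemp()
    webroot = os.path.join(base, "html")
    os.makedirs(webroot)
    for name in ALLOWED_PAGES:
        with open(os.path.join(webroot, name), "w") as f:
            f.write(f"<!-- {name} -->")
    with open(os.path.join(base, "secret.txt"), "w") as f:
        f.write("internal")
    return webroot


def resolve_naive(webroot, page):
    """Mirrors the vulnerable behaviour: join and open whatever results.
    Nothing stops '..' segments (or an absolute path) from leaving webroot."""
    with open(os.path.join(webroot, page)) as f:
        return f.read()


def is_within_root(webroot, page):
    """Containment check: resolve symlinks and '..' first, then require the
    result to still sit under the real web root."""
    root = os.path.realpath(webroot)
    path = os.path.realpath(os.path.join(root, page))
    return os.path.commonpath([root, path]) == root


def resolve_safe(webroot, page):
    """Hardened resolver: exact-match allowlist plus the containment check.
    Returns None (a 404 in a real handler) instead of serving anything else."""
    if page not in ALLOWED_PAGES or not is_within_root(webroot, page):
        return None
    with open(os.path.join(os.path.realpath(webroot), page)) as f:
        return f.read()
```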

Thanks.