I made a blog!

Web Challenges by EZ-CTF

Did you check out my blog posts? http://ez.ctf.cafe:9999

Hint

robots will rule the world!

Writeup

Let's visit the website.

When you visit http://ez.ctf.cafe:9999/flag.php you will get a hint. Here it is: How do you filter your coffee?

Okay, good! We can see that we are on the right path. Now let's look at the blog. Click the 'Read More' button on a blog post and you will be redirected to `http://ez.ctf.cafe:9999/blog-posts.php?file=blog1.html`

Perfect! You can see there is a `file` parameter. Let's try passing `/etc/passwd` to that parameter.

So, now let's find the flag. I tried `flag`, `/home/flag` and `/root/flag`, but had no luck.

Then I remembered the `flag.php` hint and went looking for a payload that uses the PHP filter wrapper.

Luckily, I found this one, thanks to PayloadsAllTheThings.

Use this payload and boom, you will get a string:

`http://ez.ctf.cafe:9999/blog-posts.php?file=php://filter/convert.base64-encode/resource=flag.php`

Output string: `PD9waHAKCWVjaG8gJ0hvdyBkbyB5b3UgZmlsdGVyIHlvdXIgY29mZmVlPyc7ICAgIAoJLy8gRVotQ1RGe0xGSV8xU18zWn0KPz4K`

This is a base64-encoded string; decode it with a base64 decoder.

Decoding the string reveals the flag!!! 🎉
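As an added example (not part of the original writeup, and not code from the challenge), here is the defender's view of the same bug: the `file` parameter is used without validation, so a stream wrapper or a traversal sequence reaches `include`. The script below does three things with the material on this page: it decodes the base64 output the filter wrapper returned, it shows an allowlist check that the blog handler could apply to the `file` parameter instead of trusting it, and it scans a few constructed access-log lines for the two request shapes this writeup used (`../` traversal and a `php://` wrapper). The allowlist contents, the log lines and the helper names are my assumptions.

```python
import base64
import re
from urllib.parse import parse_qs, urlsplit

# Base64 string returned by the filter wrapper in the writeup above.
FILTER_OUTPUT = (
    "PD9waHAKCWVjaG8gJ0hvdyBkbyB5b3UgZmlsdGVyIHlvdXIgY29mZmVlPyc7ICAgIAoJ"
    "Ly8gRVotQ1RGe0xGSV8xU18zWn0KPz4K"
)

# Constructed allowlist: the only post names the handler should ever include.
ALLOWED_POSTS = {"blog1.html", "blog2.html"}

# A scheme prefix such as php://, file://, data:// selects a stream wrapper.
WRAPPER_RE = re.compile(r"^[a-z][a-z0-9+.\-]*://", re.IGNORECASE)
# Directory traversal in either slash style.
TRAVERSAL_RE = re.compile(r"\.\.[/\\]")
# Request line inside a common-log-format entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')


def decode_filter_output(b64_text):
    """Decode convert.base64-encode output back to the PHP source it wrapped."""
    return base64.b64decode(b64_text).decode("utf-8")


def safe_post_name(value):
    """Mitigation: accept the file parameter only if it is an exact allowlisted name.

    Returns the name on success and None otherwise, so the caller can fall back
    to a default post instead of passing attacker input to include().
    """
    return value if value in ALLOWED_POSTS else None


def classify_request(target):
    """Return the reasons a request's file parameter looks like LFI abuse (empty if clean)."""
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    reasons = []
    for value in params.get("file", []):  # parse_qs already URL-decodes the value
        if WRAPPER_RE.search(value):
            reasons.append("stream wrapper in file parameter")
        if TRAVERSAL_RE.search(value):
            reasons.append("directory traversal in file parameter")
        if safe_post_name(value) is None:
            reasons.append("file parameter not in allowlist")
    return reasons


def scan_log(lines):
    """Detection: map each suspicious log line index to the reasons it was flagged."""
    alerts = {}
    for idx, line in enumerate(lines):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        reasons = classify_request(match.group(1))
        if reasons:
            alerts[idx] = reasons
    return alerts


# Constructed access-log lines modelled on the requests made in this writeup.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2023:10:00:01 +0000] "GET /blog-posts.php?file=blog1.html HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Oct/2023:10:00:07 +0000] "GET /blog-posts.php?file=../../../../etc/passwd HTTP/1.1" 200 1877',
    '203.0.113.5 - - [10/Oct/2023:10:00:19 +0000] "GET /blog-posts.php?file=php://filter/convert.base64-encode/resource=flag.php HTTP/1.1" 200 140',
]

if __name__ == "__main__":
    print(decode_filter_output(FILTER_OUTPUT))
    for idx, reasons in scan_log(SAMPLE_LOG).items():
        print(f"line {idx}: {', '.join(reasons)}")
```

The allowlist check is the fix that actually closes the hole: a denylist of `php://` or `../` can be bypassed with other wrappers or encodings, whereas exact-match against known post names gives `include` nothing to interpret. The log scan is only a detection aid for spotting that the parameter was probed.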

Flag:

EZ-CTF{LFI_1S_3Z}
