CHALLENGE STATEMENT:
File Reader: find and read the file
http://51.91.120.156/rumble/
Points: 300
Type: Web
Definition of the path traversal vulnerability:
Path traversal is the vulnerability exploited by the path traversal attack technique, which lets an attacker access files, directories and commands that may reside outside the web server's document root. An attacker can manipulate a URL so that the website executes or reveals the contents of arbitrary files located anywhere on the web server. Any device that exposes an HTTP interface is potentially vulnerable to path traversal.
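The root cause in a page like `index.php?file=...` is that the user-supplied value is passed to a file-open call without being confined to the document root. The example below is added here and is not part of the write-up or of the challenge's own code: it shows the server-side check a defender would put in place (resolve the path and verify it stays under the document root), and reuses that same check to flag suspicious requests in web-server access logs. The document root `/srv/app`, the log lines and their client addresses are constructed for the demonstration; the `/rumble/index.php?file=` request shape is the one seen in this challenge.

```python
import os
import re
from typing import List, Optional
from urllib.parse import parse_qs, urlsplit

# Constructed document root for the demo (a real app uses its configured web root).
DOC_ROOT = os.path.realpath("/srv/app")

# Matches the request line of a common/combined access-log entry.
REQUEST_RE = re.compile(r'"GET (?P<target>\S+) HTTP/1\.[01]"')


def resolve_safe_path(doc_root: str, user_file: str) -> Optional[str]:
    """Return the absolute path of `user_file` inside `doc_root`, or None if it escapes.

    `user_file` is the already URL-decoded parameter value, as a web framework
    hands it to the application (PHP's $_GET does the percent-decoding once).
    """
    # Absolute paths and NUL bytes never describe a legitimate page under the root.
    if os.path.isabs(user_file) or "\x00" in user_file:
        return None
    # realpath collapses "..", "." and symlinks so the containment check below is
    # made on the path that would actually be opened.
    candidate = os.path.realpath(os.path.join(doc_root, user_file))
    if os.path.commonpath([doc_root, candidate]) != doc_root:
        return None
    return candidate


def flag_traversal_in_log(doc_root: str, log_lines: List[str]) -> List[str]:
    """Return the `file=` values in `log_lines` that would have escaped `doc_root`."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        # parse_qs percent-decodes once, mirroring what the server did for the app.
        params = parse_qs(urlsplit(match.group("target")).query)
        for value in params.get("file", []):
            if resolve_safe_path(doc_root, value) is None:
                hits.append(value)
    return hits


# Constructed sample log: one legitimate request, two traversal attempts.
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Nov/2019:14:13:18 +0000] "GET /rumble/index.php?file=about.php HTTP/1.1" 200 512',
    '10.0.0.9 - - [12/Nov/2019:14:13:20 +0000] "GET /rumble/index.php?file=%2Fetc%2Fpasswd HTTP/1.1" 200 1890',
    '10.0.0.9 - - [12/Nov/2019:14:13:25 +0000] "GET /rumble/index.php?file=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1890',
]

if __name__ == "__main__":
    print("accepted:", resolve_safe_path(DOC_ROOT, "about.php"))
    print("rejected:", resolve_safe_path(DOC_ROOT, "../../../etc/passwd"))
    print("log hits:", flag_traversal_in_log(DOC_ROOT, SAMPLE_LOG))
```

The containment test uses `os.path.commonpath` on the resolved path rather than a string search for `..`, so encoded variants, mixed separators and symlinks are judged by where the path really lands. Note that a `200` status on the flagged log lines is exactly what a successful disclosure looks like, which is why the detection keys on the parameter value and not on the response code.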
We are presented with this site:
Running it through a vulnerability scanner, the report indicates the presence of a path traversal vulnerability.
We thus learn the vulnerable URL: http://51.91.120.156/rumble/index.php?file=%2Fetc%2Fpasswd
Let's try replacing the passwd file with flag.txt and see.
We get:
The = at the end suggests it could be base64 encoded. Let's try to decode it.
data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAoAAAAHgCAYAAAA10dzkAAABhWlDQ1BJQ0MgcHJvZmlsZQAAKJF9kT1Iw0AYht+mSkUrDnYQcchQdbEgKuKoVShChVArtOpgcukfNGlIUlwcBdeCgz+LVQcXZ10dXAVB8AfExdVJ0UVK/C4ptIjx4O4e3vvel7vvAKFeZprVMQ5oum2mEnExk10VQ6/oQRgRWkdlZhlzkpSE7/i6R4DvdzGe5V/35+hVcxYDAiLxLDNMm3iDeHrTNjjvE0dYUVaJz4nHTLog8SPXFY/fOBdcFnhmxEyn5okjxGKhjZU2ZkVTI54ijqqaTvlCxmOV8xZnrVxlzXvyF4Zz+soy12kOIYFFLEGCCAVVlFCGjRjtOikWUnQe9/EPun6JXAq5SmDkWEAFGmTXD/4Hv3tr5ScnvKRwHOh8cZyPYSC0CzRqjvN97DiNEyD4DFzpLX+lDsx8kl5radEjoG8buLhuacoecLkDDDwZsim7UpCmkM8D72f0TVmg/xboXvP61jzH6QOQpl4lb4CDQ2CkQNnrPu/uau/bvzXN/v0AUAdymVJBvRkAAAAGYktHRAD/AP8A/6C9p5MAAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQfjCwwUDRI8OkmMAAAAGXRFWHRDb21tZW50AENyZWF0ZWQgd2l0aCBHSU1QV4EOFwAAGhVJREFUeNrt3XmUlXXhx/HPKLKIKFGBR3HfcAlNJKERwy0OkQdDTUURQjEyRMM8gooLYXrELUXNBRcIjmUKZEqKIoqiSe4KCEhmgwkVcGR+Ipv390fnTsAsDDgS4Ot1zvzDPPe599nufc/zfO9DSaFQKAQAgC+NrawCAAABCACAAAQAQAACACAAAQAQgAAACEAAAAQgAAACEAAAAQgAgAAEAEAAAgAgAAEAEIAAAAIQAAABCACAAAQAQAACACAAAQAQgAAACEAAAAQgAAACEAAAAQgAgAAEAEAAAgAgAAEAEIAAAAIQAAABCACAAAQAQAACACAAAQAQgAAACEAAAAQgAAACEAAAAQgAgAAEAEAAAgAgAAEABCAAAAIQAAABCACAAAQAQAACACAAAQAQgAAACEAAAAQgAAACEAAAAQgAgAAEAEAAAgAgAAEABCAAAAIQAAABCACAAAQAQAACACAAAQAQgAAACEAAAAQgAAACEAAAAQgAgAAEAEAAAgAIQAAABCAAAAIQAAABCACAAAQAQAACACAAAQAQgAAACEAAAAQgAAACEAAAAQgAgAAEAEAAAgAIQAAABCAAAAIQAAABCACAAAQAQAACACAAAQAQgAAACEAAAAQgAAACEAAAAQgAgAAEAEAAAgAIQAAABCAAAAIQAAABCACAAAQAQAACACAAAQAQgAAACEAAAAQgAAACEAAAAQgAgAAEABCAAAAIQAAABCAAAAIQAAABCACAAAQAQAACACAAAQAQgAAACEAAAAQgAAACEAAAAQgAgAAEABCAAAAIQAAABCAAAAIQAAABCACAAAQAQAACACAAAQAQgAAACEAAAAQgAAACEAAAAQgAIAABABCAAAAIQAAABCAAAAIQAAABCACAAAQAQAACACAAAQAQgAAACEAAAAQgAAACEAAAAQgAIAABABCAAAAIQAAABCAAAAIQAAABCACAAAQAQAACACAAAQAQgAAACEAAAAQgAAACEABAAAIAIAABABCAAAAIQAAABCAAAAIQAAABCACAAAQAQAACACAAAQAQgAAACEAAAAQgAAACEABAAAIAIAABABCAAAAIQAAABCAAAAIQAAABCACAAAQAQAACACAAAQAQgAAACEAAAAQgAAACEABAAAIAIAABABCAAAAIQAAABCAAAAIQAAABCACAAAQAQAACACAAAQAQgAAACEAAAAQgAIAABABAAAIAIAABABCAAAAIQAAABCAAAAIQAAABCACAAAQAQAACACAAAQAQgA
AACEAAAAQgAIAABABAAAIAIAABABCAAAAIQAAABCAAAAIQAAABCACAAAQAQAACACAAAQAQgAAACEAAAAEIAIAABABAAAIAIAABABCAAAAIQAAABCAAAAIQAAABCACAAAQAQAACACAAAQAQgAAACEAAAAEIAIAABABAAAIAIAABABCAAAAIQAAABCAAAAIQAAABCACAAAQAQAACACAAAQAQgJBZs2Zl5MiR+fGPf5wjjjgi7du3z/nnn59x48Zl0aJFSZJly5alpKRkvX+eeuqpJEn//v3XOe3rr79eJ8tTKBTSq1evlJSUpFu3bvnss88qTTNy5MiUlJRkzJgxtZrnI488kpKSktx1111VPt8bb7yR2267LaeddloOPPDAfP/7388VV1yRp556KkuXLq12vsX1MmPGjCr/vfiz/fbb58gjj0yPHj1y/fXXZ8KECVmwYEGNr7m6ea9r+vXZRms/x6JFi1JSUpJddtkly5cvr/J5nn322Yr5ffjhh1VOM3v27JSUlOSUU07ZoGW66qqrUlJSkldffXW913ldrq+SkpLMnj17nY87+OCDc84552T06NH55z//WavnOvDAA9OjR4/ceeedee+992p1XGzofrq6uXPnZvTo0TnvvPNyzDHH5OCDD86ZZ56Ze+65J2+//XaVx1tdLsO6ju3qnnPs2LE1TvvQQw9VTHvhhRdulHnVdNy/88471c5/4MCBVe5bdbGdvtQK8CWxZMmSwi9+8YtCkmp/WrZsWZg4cWJh6dKlNU5X3c/EiRMLhUKhcN55561z2tdee61OlmvOnDlrzHfGjBmVpvnrX/9aSFIoLS0tLF++vMb5rVy5stClS5dCksKsWbPW+N3ixYsLF110UY3L1bFjxypfw+rrZfr06VX++7p+hg8fXigvL1+veVdnQ7ZRVc/Ro0ePQpLC7Nmzq3yem2++uWJ+zz77bJXTPProo4Ukhfvuu2+DlunKK68sJCm88sor673O63J9VbXPrOtxBxxwQKX9pTbP9eSTT1b7Wj/vflooFArl5eWFa665Zp2vo2/fvoW///3vG7S+alqG2h7b1T3n8ccfX1i5cmWV061YsaLQqVOnimkHDBiwUeZV03F/7rnnFlatWlXlc1x88cVV7lt1sZ2+zJwB5Eth6dKlueCCCzJ48OCUlpbm8ccfzz/+8Y8sW7YsK1asyKJFi/Lyyy/npJNOynHHHZfy8vIUCoVKP6+99lqS5OKLL67y98cee+wazzt9+vQqpysUCjnkkEPqZNkmT56cJBk+fHiS5Omnn640ze67754+ffrkhRdeyNtvv13j/N5999089thjOfXUU7P33ntX/Psnn3ySc889N8OGDUunTp3y3HPPZdGiRVm5cmU++eSTzJgxIwMHDszkyZPzne98J7NmzVrvZVl9fa1YsSIff/xxZs2alQceeCDNmzdPv379ctFFF9X67M36PueGbKPiNn/33Xcr/e6zzz7Lww8/nAEDBmTfffet9qzvyy+/nCQ56KCDNvljqab1VSgUss8++6zzcZ9++mnmzJmTfv36Zfr06RkwYECVZ1BXf8yyZcsyb968XHfddUmSM844IwsXLqz0mLrYT5cuXZrzzz8/gwYNSmlpaf74xz+mrKwsn376aVatWpXy8vLMnj07Y8aMyXPPPZebbrqpVuurtsuwPsd2VS655JI8+uij1R6DM2fOzBNPPJHLLrtso86rOu3atcvtt99e5Rnsdb2v19V2cgkYtlBjxozJiBEj8oMf/CDjxo1L586ds+OOO6Z+/fqpV69emjZtmrZt2+bGG2/MpEmTUlJSslks16effppbbrklHTp0SO/evdOpU6dce+21KS8vrzTtqaeemiR54oknapxn8TL2mWeeucZ6GDVqVMaMGZMTTzwxY8aMSYcOHdK0adNsvfXWadSoUVq1apWhQ4fmlltuyYIFCzJgwIAsW7Zsg5etXr16adKkSfbZZ5+ceeaZmTZtWtq1a5c77r
gjDz/88CazDYrR9uc//7nS7z766KNMmTIlRx11VHr06JGxY8dWuhS1fPny3HfffUmSvfba60txPDZo0CB77bVXrrrqqrRs2TITJkzInDlzanxM/fr1s9NOO+X8889Px44ds2DBgiovCdbFfjp69OiMGDEiJ554YsaPH58uXbpk5513ToMGDbLVVlulcePG2XvvvXPaaadl6tSp+fa3v12r5a7tMqzvsb22448/PknyzDPP1HiMd+nSZaPOqzqXX355kuSmm27KypUra/24L2o7CUDYQixcuDA/+9nPkiRXX311vva1r1U7bUlJSY466qh89atf3SyW7fXXX8+bb76Zvn37plGjRjn77LNTVlaWV155pdK0bdu2TfPmzfPLX/4yixcvrnJ+5eXlGTZsWJLk8MMPX2MdXnTRRUmSIUOGpFmzZlU+fuutt87ZZ5+d4447Lo899liVUbShdt1119x8881JkkGDBtXqg3Bj2HPPPZMk9913X6WzWMVxXvvtt1/atGmTyZMn56OPPlpjmg8++CBlZWXp3r17vvKVr3ypjs1mzZrlhBNOSJJ1jvFcPaKK++Ynn3xS6Vj/vPvpwoULM2DAgIr3i3W9F+ywww458cQT12u5a1qGDTm219aiRYtcccUVueGGGyrNv7y8PNdcc02GDh2ar3/96xt1XtVp1apVbrjhhowZMyZTp06t9fv6F72dBCBs5mbMmJElS5akR48eadWq1Ra1bOPHj0+SlJaWJknFX7i///3vK03bpEmTDBw4MEuWLMm0adOqnN8rr7ySsrKyDB06dI0Pz+nTp2fJkiXp3r179t9//xpfU6NGjdK3b98kyfPPP1+ny9umTZu0bds2ZWVlmTt37iaxDZo2bZqePXumrKwsH3zwQaUP8ebNm2eXXXbJvvvumySVznQVLx136tTpS32c1vas+/LlyysiYe0P/brYT4vz6NmzZ/bbb78vZFlrWoYNObar0qVLl8ydO7di2Mrqx/iCBQvSuXPnWr/eupxXdbp3754kufbaa2t15WBjbCcBCJu54iWWjh07bjaXdmtj/vz5ufbaa3PWWWdlt912S5LstNNO6d+/f4YPH56ysrJKj/nud7+bJNV+G7h4afV73/veGv9ejJajjz66Vuuw+Ib86KOP1uky16tXL127dk2SzJs3b5PZFsccc8waMZf85xuc48aNS+/evdOwYcPssssuadmyZd544401HluM8c1h/F9dW7hwYcaNG5ck6zyDtHz58sybNy833nhjpkyZkq5du1b6g64u9tPiPL7zne98IeG3rmXY0GN7ba1bt07r1q3zhz/8odIx3rZt2/Xa3+pyXtXZcccdc/fdd2fChAmZNGnSOqf/IreTAIQt6EOmpr+0v0gHHHBAlbfK+PWvf/255/3CCy8k+e/YvqJu3bolSaZMmVLpMa1atUrnzp1z//335/3331/jd/Pmzcutt96a0tLSSm/oxXVY0+Xz1W2//fZJkpdeemm9xvTURosWLZIkH3/88SazjQ488MAk//0yR/Kf8X+TJk2quNRXv379/OhHP8ojjzySQqGQJFmxYkVGjRqV5L+XktfnNRZ/rrzyyv/5Pl28vUttLFu2LO+9916uvPLKlJWVpVOnTlWOf1z9uRo0aJCWLVtm0KBB6d+/f+68887Ur1+/zvfT4q2gqrt8/Pzzz1e57H/729/Wub5qswwbemyvrUGDBjn//PNz3XXXZf78+Wsc4/369avyeTfGvGrSrVu3tGzZMkOGDMn//d//1ThtXW8nAQhbsC3p7N+qVaty7733JkkOO+ywNX7Xpk2bNG/ePHfccUdWrFixxu+KY5+S5Lnnnqv0hpkkP/3pT7PNNttssuuwGE+b0vYsxtu9995bMQ6weIZi9TM8bdu2XWMc4AcffJC5c+emR48eadq06RZ9/K0eQg0bNszee++dW2+9Nfvuu29uuummNGjQoNZno84+++yKPwTqej/dGPtXTcuwocd2VY
pnx1588cUkqbjs3KFDh/V+zXU5r+o0a9Ysw4YNy0svvZQJEyZsdu8DAhA2McW/EP/1r39t9Oeu7pYZxbFHG2rmzJl57LHHcvXVV1cKh+222y6XXHJJpkyZUuUtX4pjioYPH14RKytXrqy46XNVb+jruw6LZ+fatWuXevXq1ek6LX5ZoEmTJpvMNmratGl69eq1xjjAN998M02aNKm4hJf895JjMQ6Lt9YoXppf39dY/NmYZwBrei1rX96uKQZ79+6dUaNGZcqUKdWO11v9ucrLy/Pcc8+lvLw8paWlVX57ti720+I8qrs9yxFHHLHGMp988sm1Xl+1WYbPc2xX9YdJ9+7dc//992f58uUZMWJEevbsmd13332D/sipq3nVpEuXLjn00ENz6aWXVvtltS9iOwlA2AIV70s2efLkir8aN3dPPvlkkuTSSy+t8jLHBRdckCR5/PHHKz22RYsWGThwYKZNm5a33nqr4kNq0qRJ6devX1q2bFnpMcX7AT799NO1WofFsXDFW0jUlZUrV1YMjq/qdf4vrT4OsFAoZPz48enTp08aNWpUMc2uu+6aJk2aVNwPsHjJuHgJeUu2egi98847GTFiRM4444w0b968Vo9v3LhxOnTokJEjR2bJkiW5/PLLKw0vqIv9tDiPZ599ts7XQW2W4fMc22srKSnJ6aefnvHjx2f06NF54okn0r179w06a1aX86pJkyZNctVVV2XWrFkV40Or8kVuJwEIW4j9998/TZo0yahRozJz5szNfnmWLFmSa6+9tlbTXnbZZRVjZVZX/CJF8TJL8UPnpJNOqvaMTZMmTTJmzJh1/tdhS5curTibeMQRR9Tpsr/66quZNm1aWrZsmT322GOT2i6rjwOcP39+Jk6cWOm+Yw0bNsxPfvKTPPLII1m2bFlGjhxZcXaF2mnfvn369euXBx98sOJyZF3up8V53H///Rt0M/PPswx1cWyvrV27dkmS3r17J/nPMIQNVZfzqsmxxx6b4447Lv3796/29kAbYzsJQNjMNWvWrOIO8JdeemmNl4cKhUKeeeaZ/Pvf/95kl2fatGlZsGBBrr/++hovC95zzz1J/jPAfW2HHHJIWrduncGDB2fu3LkZMmRIWrZsmTZt2lS7Dov3B7z88surveyyatWqjBgxIk888UQ6d+68xr0EP6+ysrKK+35dc8012W677Tap7bL6OMDi5bmqvuHZrl27TJ48OS+88ELmzp2bXr16ZYcddnCg1vZDa6utKsaxrn3j4LrYT5s1a5Ybb7wxSTJ48OAa/6eOul6Guji2qzp2i0MEhg4d+rnuNVmX86pJw4YNM2jQoCxZsiS//e1vq30tX/R2EoCwBejevXvOOuusjB07Nt26dcuf/vSnzJ8/PytWrMiqVauyePHi/OUvf8mFF16Yo48+epO+VFx8Q1z7v51b25FHHpkkGTlyZKXladiwYfr3758k+fnPf54lS5Zk4MCBNUZVjx49cuqpp+bhhx/OGWeckSlTpmTx4sX57LPPsnTp0sycOTODBw/Oeeedl+bNm6/XwP7qPqTLy8szZ86c/OY3v0n79u3zwgsvpG/fvpvkDV132GGH9O7dO2VlZRUfTFWNjypG4fXXX1+r7Uhl3/jGN9KnT5+MHTt2jW9e19V+evrpp+ess87K7373u5xwwgl5/PHH8+GHH2bZsmUpFAoVt3MZN25cxbjH9b0UWtUy1MWxXZUrrrgihUIhl1566ede93U5r5occcQROfnkk9O/f/9qL/NujO20JatnFfBl0KhRo9x8883Zbbfdcvnll1d749I999wzEydO3GT/J5D3338/d911V0pLS3PAAQfUOO1ee+2Vrl275sEHH8yQIUMq/R+tHTt2TJKMHTs2yX/HsFVn2223zR133JGdd945N9xwQ7Xf0uvYsWNuv/32Dbo567qWafjw4enVq9ca4+rWdx4LFy78ws5cHHXUUbn33nszYcKE9OvXL40bN640TfFLIc
X1978e/7e+62td00+cOPELj9qtttoq55xzTu6+++7cdtttOfzww7P11lvX2X7aqFGj/OpXv8pee+1V8aWL6hx66KGZNGnSeo9JXXsZWrRoUWfH9pZgm222yYUXXpiHHnqo2jOdG2M7CUDYAmy33XYZPHhwTjnllEydOjVTp07NW2+9lVWrVqV9+/Y56qij0rFjx036dhzFN7i+fftWe6uW1T9gevbsmfHjx+eZZ56p9CGx5557pmfPnnnggQfStWvXiv+poiZNmzbNsGHDcsYZZ+T555/PlClT8vrrr2ePPfbIt771rRx55JEpLS2tMdBqq7S0NHvssUdat26dgw46qOIWGJuy1e+fWN34x2233Tb9+/fPLbfckiSb3FjGzcU3v/nN9OjRI6NGjcoFF1ywxni0uthPGzdunEGDBuWHP/xhXnzxxUydOjVvv/125s+fn4MPPjiHH354DjvssLRt2zbbbrvt516G4s3Z6+LY3lK0bds2ffr0yd133/0/3U5bqpLClvK1SAAAasUYQAAAAQgAgAAEAGCL4Usg8D+2PsNw3cIAAAEIm7kVK1akfv36tZ5++fLl6/yGIACsi28BAwB8yRgDCAAgAAEAEIAAAAhAAAAEIAAAAhAAAAEIAIAABABAAAIAIAABABCAAAAIQAAABCAAAAIQAEAAAgAgAAEAEIAAAAhAAAAEIAAAAhAAAAEIAIAABABAAAIAIAABABCAAAAIQAAABCAAAAIQAEAAAgAgAAEAEIAAAAhAAAAEIAAAAhAAAAEIAIAABABAAAIAIAABABCAAAAIQAAABCAAgAAEAEAAAgAgAAEAEIAAAAhAAAAEIAAAAhAAAAEIAIAABABAAAIAIAABABCAAAAIQAAABCAAgAAEAEAAAgAgAAEAEIAAAAhAAAAEIAAAAhAAAAEIAIAABABAAAIAIAABABCAAAAIQAAAAQgAgAAEAEAAAgAgAAEAEIAAAAhAAAAEIAAAAhAAAAEIAIAABABAAAIAIAABABCAAAAIQAAAAQgAgAAEAEAAAgAgAAEAEIAAAAhAAAAEIAAAAhAAAAEIAIAABABAAAIAIAABABCAAAAIQAAAAQgAgAAEAEAAAgAgAAEAEIAAAAhAAAAEIAAAAhAAAAEIAIAABABAAAIAIAABABCAAAACEAAAAQgAgAAEAEAAAgAgAAEAEIAAAAhAAAAEIAAAAhAAAAEIAIAABABAAAIAIAABABCAAAACEAAAAQgAgAAEAEAAAgAgAAEAEIAAAAhAAAAEIAAAAhAAAAEIAIAABABAAAIAIAABAAQgAAACEAAAAQgAgAAEAEAAAgAgAAEAEIAAAAhAAAAEIAAAAhAAAAEIAIAABABAAAIAIAABAAQgAAACEAAAAQgAgAAEAEAAAgAgAAEAEIAAAAhAAAAEIAAAAhAAAAEIAIAABABAAAIACECrAABAAAIAIAABABCAAAAIQAAABCAAAAIQAAABCACAAAQAQAACACAAAQAQgAAACEAAAAQgAIAABABAAAIAIAABABCAAAAIQAAABCAAAAIQAAABCACAAAQAQAACACAAAQAQgAAACEAAAAQgAIAABABAAAIAIAABABCAAAAIQAAABCAAAAIQAAABCADAF+b/AV/o1gfJJQCOAAAAAElFTkSuQmCC
We see that it is an image ("data:image/png;base64" at the start).
Let's try to recover it with an online base64-to-image decoding tool:
https://codebeautify.org/base64-to-image-converter
And so we have our CTF.
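Pasting a retrieved blob into a third-party web converter sends it off the analysis host; the same two decoding layers (base64, then a `data:image/png;base64,` URI, then base64 again) can be unwrapped offline. The example below is added here and is not from the write-up: it peels both layers, checks the PNG signature, and reads the image size from the IHDR chunk. The sample payload is constructed at runtime from a 1x1 PNG, so it stands in for the challenge's own flag.txt content rather than reproducing it.

```python
import base64
import struct
from typing import Tuple

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
DATA_URI_PREFIX = b"data:image/png;base64,"

# Constructed sample: a 1x1 PNG wrapped in a data: URI and base64-encoded once
# more, mimicking the double-encoded flag.txt described in the write-up.
TINY_PNG_B64 = (
    "iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA"
    "60e6kgAAAABJRU5ErkJggg=="
)
SAMPLE_FLAG_TXT = base64.b64encode(DATA_URI_PREFIX + TINY_PNG_B64.encode()).decode()


def decode_nested_png(flag_txt: str) -> bytes:
    """Unwrap base64 -> data: URI -> base64 and return the raw PNG bytes."""
    # A blob copied from a browser often carries line breaks; drop all whitespace
    # before decoding, and reject anything outside the base64 alphabet.
    outer = base64.b64decode("".join(flag_txt.split()), validate=True)
    if not outer.startswith(DATA_URI_PREFIX):
        raise ValueError("decoded payload is not a PNG data: URI")
    png = base64.b64decode(outer[len(DATA_URI_PREFIX):], validate=True)
    if not png.startswith(PNG_MAGIC):
        raise ValueError("inner payload lacks the PNG signature")
    return png


def png_dimensions(png: bytes) -> Tuple[int, int]:
    """Read width and height from the IHDR chunk (always the first chunk)."""
    # Layout: 8-byte signature, 4-byte length, 4-byte type "IHDR", then width, height.
    if png[12:16] != b"IHDR":
        raise ValueError("first chunk is not IHDR")
    width, height = struct.unpack(">II", png[16:24])
    return width, height


if __name__ == "__main__":
    png_bytes = decode_nested_png(SAMPLE_FLAG_TXT)
    print("dimensions:", png_dimensions(png_bytes))
    with open("decoded_flag.png", "wb") as fh:  # open the result in any image viewer
        fh.write(png_bytes)
```

The `=` padding the write-up noticed appears on the outer layer because the data URI length is not a multiple of three; `validate=True` makes the decoder fail loudly instead of silently skipping stray characters, which is what you want when checking whether a blob really is base64.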