HacktivityCon CTF

CTF Writeup - https://ctftime.org/event/1101

Home Other writeups of HacktivityCon CTF
2 August 2020

Bite

by vishalananth

Want to learn about binary units of information? Check out the “Bite of Knowledge” website!

Connect here: http://jh2i.com:50010

Solution

Trying out http://jh2i.com:50010/?page=flag tells us that the flag is at /flag.txt. So trying http://jh2i.com:50010/?page=/flag.txt gives us flag.txt.php does not exist. So we try to add a null byte at the end of string to terminate it after the .txt with http://jh2i.com:50010/?page=/flag.txt%00 which gives us the flag.

Flag

flag{lfi_just_needed_a_null_byte}
tags: Web