BSIDESSF CTF: Zumbo 1

Problem

Welcome to ZUMBOCOM….you can do anything at ZUMBOCOM.

Three flags await. Can you find them?

http://zumbo-8ac445b1.ctf.bsidessf.net

Solution

Inspecting the web page at the given link reveals a python script is located on the server at /code/server.py.

Using this information, a directory traversal attack is attempted to access the python script.

http://zumbo-8ac445b1.ctf.bsidessf.net/..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F/code/server.py

FLAG: FIRST_FLAG_WASNT_HARD