ROOTCON 15 CTF (CTF 2021)

Exploitation 4


This challenge requires us to read the /flag.txt file.

During our enumeration, we found the Elasticsearch directory traversal vulnerability (CVE-2015-5531).

Description: Directory traversal vulnerability in Elasticsearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.

We changed the path to /flag.txt to read the file, but we got encoded data back.

We used some online decoding tools to decode the data from decimal into ASCII.
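The decimal-to-ASCII step can also be done locally, which avoids pasting captured data into a third-party site. The script below is an added example, not part of the original write-up; the response format (a bracketed, comma-separated list of decimal byte values inside an error string) is an assumption, and the sample response is constructed.

```python
import re

# Constructed sample, NOT the challenge's real response. Assumption: the server
# echoes the file's bytes as a bracketed, comma-separated list of decimal values
# inside an error string.
SAMPLE_RESPONSE = (
    '{"error":"ParseException[Failed to derive xcontent from '
    '(offset=0, length=11): '
    '[102, 108, 97, 103, 123, 100, 101, 109, 111, 125, 10]]",'
    '"status":400}'
)

# A bracketed run of at least four comma-separated decimal numbers.
BYTE_LIST = re.compile(r"\[\s*(\d{1,3}(?:\s*,\s*\d{1,3}){3,})\s*\]")


def extract_byte_lists(text):
    """Return every decimal byte list found in text as a bytes object."""
    results = []
    for match in BYTE_LIST.finditer(text):
        values = [int(v) for v in match.group(1).split(",")]
        if any(v > 255 for v in values):
            continue  # not byte values, e.g. a list of ports or offsets
        results.append(bytes(values))
    return results


def decode_printable(raw):
    """Decode bytes as ASCII, showing non-printable bytes as \\xNN escapes."""
    return "".join(
        chr(b) if 32 <= b < 127 or b in (9, 10, 13) else f"\\x{b:02x}"
        for b in raw
    )


def decode_response(text):
    """Decode every byte list embedded in a response body."""
    return [decode_printable(raw) for raw in extract_byte_lists(text)]


if __name__ == "__main__":
    for decoded in decode_response(SAMPLE_RESPONSE):
        print(decoded, end="")
```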

Flag: RC15{J5ekuUdMY7BLZmktYCXzWZhZZ4J3W8pv}