
pwn.college/intro-to-cybersecurity/web-security/
RAMESH

This room is provided by pwn.college, under the web security module of Introduction to Cybersecurity. In this room we have to perform a path traversal against a Flask server running on localhost port 80. To solve it, we have to read the flag from the root directory.
Start the room over SSH: run the Linux ssh command with the matching private key to connect to the machine, then start the Flask server using the server binary (Python).
$ ssh -i key hacker@dojo.pwn.college
$ cd challenge && server
Once the server has started, we can also view the Python code for the server. It takes its input from the URL on localhost: the part of the URL after the word "content" is joined with the app root directory, "files", and path.strip("/."). This Python function removes every run of slashes and dots from the start and the end of the string and returns the new string. So, to bypass the strip function, we can build the path so that the slashes and dots used to traverse sit in the middle of the path.
Our application uses Werkzeug/Flask, which decodes URL-encoded characters before routing the path. This means we have to convert our path traversal symbols into another form. Instead of using literal dot and slash characters in the path, we use %2e and %2f respectively; this also works if URL encoding is applied only to the slash character in the URL or path.
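The path handling described above, next to a hardened form that resolves the path and checks it stays inside the served directory. This is an added example, not the challenge's own server code; the application root `/srv/app`, the function names and the sample request paths are assumptions constructed for illustration.

```python
import os
from typing import Optional
from urllib.parse import unquote

APP_ROOT = "/srv/app"                      # assumed application root (constructed)
FILES_DIR = os.path.join(APP_ROOT, "files")


def escapes(full_path: str) -> bool:
    """True if full_path resolves to a location outside FILES_DIR."""
    base = os.path.realpath(FILES_DIR)
    return os.path.commonpath([base, os.path.realpath(full_path)]) != base


def vulnerable_path(raw_url_path: str) -> str:
    """Mirror the write-up: decode, strip slashes/dots at the edges, concatenate."""
    path = unquote(raw_url_path)           # stands in for the framework's URL decoding
    return APP_ROOT + "/files/" + path.strip("/.")


def safe_path(raw_url_path: str) -> Optional[str]:
    """Resolve the requested path and reject it unless it stays in FILES_DIR."""
    path = unquote(raw_url_path)
    candidate = os.path.realpath(os.path.join(FILES_DIR, path.lstrip("/")))
    return None if escapes(candidate) else candidate


if __name__ == "__main__":
    # Constructed request paths: plain file, edge traversal, mid-path traversal,
    # and the same mid-path traversal with URL-encoded dots.
    samples = [
        "index.html",
        "../../secret.txt",
        "docs/../../secret.txt",
        "docs/%2e%2e/%2e%2e/secret.txt",
    ]
    for s in samples:
        v = vulnerable_path(s)
        print(f"{s!r:34} strip-only escapes={escapes(v)!s:5} hardened={safe_path(s)}")
```

The strip-only version neutralises traversal sequences only at the edges of the string, while the hardened version decides on the fully resolved path, so encoding and position no longer matter.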
