Forum Discussion

Akshay
3 months ago

OWASP 2017 Java: Underprotected APIs

I am stuck on the "OWASP 2017 Java: Underprotected APIs" challenge. I have tried accessing "<Target URL>/FileDownloadServlet?path=/etc/&file=flag.txt", for which I received the error message "HACKI...
  • ChrisKershaw
    3 months ago

    Hey Akshay 👋🏻,

    Welcome to the Human Connection 😊

    I've just had a look at the information on our internal lab page, and it does look like you are searching for the right endpoint here (/FileDownloadServlet).

    You will need to use the directory traversal to include the flag from /etc/flag.txt:

    /FileDownloadServlet?file=flag.txt&path=/var/lib/tomcat9/../../../../etc

    I'm hoping that this will help, but just in case you have any further problems solving this, I'll tag in my colleague NyePrior to see if they have any other guidance to help 👍🏻

    Let us know how you get on with your attempt! 

    Kindest regards,
    Chris
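
For anyone fixing this class of bug after finishing the lab: the sketch below is an added example, not code from the lab or from either poster. It shows why a string-prefix check on `path` accepts the request from the reply above, and how resolving and normalizing before the comparison rejects it. The download root `/var/lib/tomcat9`, the class and method names, and the second sample request are assumptions, and a Unix-like filesystem is assumed.

```java
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Optional;

public class DownloadPathCheck {
    // Assumed download root; the lab's real configuration is not shown on the page.
    static final Path BASE = Paths.get("/var/lib/tomcat9").normalize();

    // Weak check (hypothetical): looks only at the raw string prefix of "path".
    static boolean naivePrefixCheck(String path) {
        return path.startsWith(BASE.toString());
    }

    // Hardened check: join path and file, collapse "." and "..", then compare
    // whole path components (not characters) against the download root.
    static Optional<Path> resolveSafely(String path, String file) {
        try {
            Path candidate = Paths.get(path).resolve(file).normalize();
            if (!candidate.isAbsolute() || !candidate.startsWith(BASE)) {
                return Optional.empty();
            }
            // normalize() is purely lexical. For files that exist, also compare
            // candidate.toRealPath() against BASE so symlinks cannot escape the root.
            return Optional.of(candidate);
        } catch (InvalidPathException e) {
            // e.g. an embedded NUL byte in either parameter
            return Optional.empty();
        }
    }

    public static void main(String[] args) {
        String[][] requests = {
            // path/file pair taken from the reply above
            {"/var/lib/tomcat9/../../../../etc", "flag.txt"},
            // constructed legitimate request
            {"/var/lib/tomcat9/files", "report.pdf"},
        };
        for (String[] r : requests) {
            System.out.printf("path=%s file=%s%n  naive prefix check: %s%n  hardened check:     %s%n",
                r[0], r[1],
                naivePrefixCheck(r[0]) ? "ALLOW" : "DENY",
                resolveSafely(r[0], r[1]).map(p -> "ALLOW " + p).orElse("DENY"));
        }
    }
}
```

In a servlet, the `Optional` result would decide between streaming the file and returning an error status, and the endpoint itself should still require authentication and authorization, which is the point of the "Underprotected APIs" category.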