HTB — Looking Glass

Looking Glass landing page:

This application has two features, Ping and Traceroute where users can choose which IP address to test.

Testing the User input field:

1. Adding ;lsto the target IP address gives add the file index.php contained in this specific directory.

2. Testing ;ls / provides a whole lot of files contained in the directory/ . With some of the interesting files such as the flag file.

3. Let’s read the flag file, and voila!!!

4. This can also be done through Burp’s repeater like so…

References:

https://app.hackthebox.com/challenges/177