Little Secret Detected Write Up


On a remote server, far on a distant port
lays an application, which will log our actions.
Despite what you might think, there is no protection.
we’ve found the error, and this is our report.


Successful connection, it then requires a name.
What a foolish question! Cause this will be its doom.
Next step gives us a choice, let us enter the room:
one will ls the files, two will read them by name.


Selecting the first choice, a research prompt is shown,
only one char allowed, why an input so small?
But we do not need more, one star to print them all,
others break the system, might be a road to pown.


Not many restrictions, except for permissions.
Starting from the old_logs, using the dot and slash,
we may travel the path, but in here lies no crash.
Then with all files read, time for exploitation!


Set the name to -a, for ls an option.
Used as such when listing, hidden name uncovered,
we now read this latter. With this flag recovered,
we conclude our tale, about the solution.