FileDump — Directory Listing Exposed

FileDump has an unlisted /backup/ path with directory listing enabled. Use gobuster to find it, browse the index, and grab the config file with the flag inside.

Step-by-step walkthrough ↗

Find the exposed backup directory via directory listing and retrieve the flag from a backup file.