In the Command Prompt window, execute this command:
dir
A listing of files and folders in the
current working directory appears,
as shown below.
Your working directory is at its default starting value; your home directory, which is usually C:\Users\username. The working directory appears at the start of every prompt, before the > character, as highlighted in the image below.
In Windows, "directories" are also called "folders".
mkdir steve
cd steve
dir
These commands create a new directory named
"steve", change the working directory to
"steve", and list the files and folders
there. This directory is empty, so it
contains only the system-generated
files "." and "..",
as shown below.
echo MARK > stevefile
dir
type stevefile
The first command creates a new file named
"stevefile" and inserts the text
"MARK" into it. The > symbol performs
"output redirection", sending the output of the
"echo" command into a file.
The new file appears in the directory list.
The "type" command displays the contents of the "stevefile" file.
mkdir sally
cd sally
echo MARK2 > sallyfile
dir
dir ..
The first three
commands create a new folder named
"sally", move the working directory into it,
and create a new file there named "sallyfile".
The "dir" command shows the contents of the "sally" folder.
The "dir .." command shows the contents of the folder above "sally" folder, also called its parent. Notice that ".." allows you to use a folder that is outside the working directory, by specifying a relative path, which specifies how to get to the desired directory from the current working directory. This is called "directory traversal".
Flag ED 104.1: Access Control List (5 pts)
In the Command Prompt window, execute this command:
cacls sallyfileThis command shows the Access Control List for the "sallyfile" file.
As shown below, several accounts have "Full Control", indicated by the ":F" after the account names.
The flag is covered by a green box in the image below.
Flag ED 104.2 Find the Flag (10 pts)
The frame below lets you see directory contents on my Windows server. However, it has a command injection vulnerability.
There is a folder named "secret" on the server, containing a file named "flag.txt". Read the contents of that file to find the flag.
Recommended process:
- Find a way to use "dir" to search the whole hard disk
- Find a folder named "secret" that was created in 2019
- Display the contents of the flag file in that folder
Flag ED 104.3 Find the Second Flag (10 pts extra)
There is a file named "flag2.txt" on the same server. Read the contents of that file to find the flag.
Flag ED 104.4 Find the Hidden Flag (15 pts extra)
There is another flag on the same server. You don't know its directory or filename.Find the flag in that file.
Hints
- It's not in the C:\Users\vuln4g or C:\Users\vuln4t directories--those files are for a different project.
- The filename contains "flag"
- The file was created in October, 2019
- You need to get the file off the server and analyze it locally
- Certutil rocks
Posted 10-18-18 by
Sam Bowne
Image for first flag fixed 10-9-19
Instructions for 104.4 added 11-5-19
More hints for 104.4 added 11-16-19
Background color changed 1-18-23
Another hint for 104.4 added 2-16-23
More hints for 104.2 added 3-9-23
Video added 3-15-23