Whispers of the Moonbeam

Category: Web

Difficulty: very easy

Description

In the heart of Valeria's bustling capital, the Moonbeam Tavern stands as a lively hub of whispers, wagers, and illicit dealings. Beneath the laughter of drunken patrons and the clinking of tankards, it is said that the tavern harbors more than just ale and merriment—it is a covert meeting ground for spies, thieves, and those loyal to Malakar's cause. The Fellowship has learned that within the hidden backrooms of the Moonbeam Tavern, a crucial piece of information is being traded—the location of the Shadow Veil Cartographer, an informant who possesses a long-lost map detailing Malakar’s stronghold defenses. If the fellowship is to stand any chance of breaching the Obsidian Citadel, they must obtain this map before it falls into enemy hands.

Required Knowledge

  • Command Injection

Solve Walkthrough

After opening the web URL, type help to list the commands that can be used. One command, gossip, behaves like the ls command. The flag.txt file is located in the current directory.

Okay, now let's find out how to read that flag.txt file. We can simply use a semicolon as the delimiter before a second command, as in a regular command injection attack. The first command, gossip, passes the command check, and ; cat flag.txt reads the flag.

Here's my POC to read the flag.

gossip; cat flag.txt
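
For the defensive side, here is an added example (not the challenge's source code) that contrasts a prefix-only command check, which accepts the line above, with a handler that matches the whole line against an allow-list and runs a fixed argv without a shell. The command table, the function names and the shape of the weak check are assumptions made for illustration.

```python
import re
import subprocess

# Assumed command table (hypothetical): tavern command -> fixed argv.
# Nothing typed by the user is ever placed into this argv.
COMMANDS = {"gossip": ["ls"]}

# Characters a shell would interpret; their presence is worth rejecting and logging.
SHELL_META = re.compile(r"[;&|`$<>(){}\\\n\r]")


def naive_accepts(line):
    """Assumed model of the weak check: only the start of the line is tested."""
    return line.strip().startswith(tuple(COMMANDS))


def resolve(line):
    """Return the fixed argv for a line, or raise ValueError with a reason."""
    if SHELL_META.search(line):
        raise ValueError("shell metacharacter in input")
    name = line.strip()
    if name not in COMMANDS:  # whole-line match, not a prefix match
        raise ValueError("unknown command")
    return list(COMMANDS[name])


def run(line):
    """Execute an allowed command without a shell and return its stdout."""
    argv = resolve(line)
    done = subprocess.run(argv, capture_output=True, text=True,
                          timeout=5, shell=False)
    return done.stdout


if __name__ == "__main__":
    poc = "gossip; cat flag.txt"  # the line from this walkthrough
    print("prefix check accepts PoC:", naive_accepts(poc))
    for line in ("gossip", poc):
        try:
            print(repr(line), "->", resolve(line))
        except ValueError as exc:
            print(repr(line), "-> rejected:", exc)
```
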

Flag

HTB{Sh4d0w_3x3cut10n_1n_Th3_M00nb34m_T4v3rn_df37873135314ddc601fbc674ec2339f}
