Flag0 -- Found
- What was the first input you saw?
- Figuring out what platform this is running on may give you some ideas.
- Code injection usually doesn’t work.
Flag1 -- Found
- Make sure you check everything you’re provided.
- Unused code can often lead to information you wouldn’t otherwise get.
- Simple guessing might help you out.
Flag2 -- Found
- Read the first blog post carefully.
- We talk about this in the Hacker101 File Inclusion Bugs video
- Where can you access your own stored data?
- Include doesn’t just work for filenames.