Step 1:

Find the metacharacter vulnerability in the client-server application from lab3: download.

Step 2:

Continue lab4 and find ctf2.

  • Download this VirtualBox appliance.
  • Import the appliance into VirtualBox. Log in with the "attacker/attacker" credentials and check which IP addresses the machine has been assigned.
  • From a web browser on the host, access "/injection.php" on the Web site of the installed machine. That is the starting point for capturing the first flag. Here are some hints:
    1. Take a look at the "injection.php" file's contents.
    2. The flag lies in a "ctf1.txt" file, whose contents can only be displayed from the Web page.
  • Once you display the first flag, you will find details about the second flag.