Forbidden Paths

Challenge Overview

Can you get the flag?

Here's the website.

We know that the website files live in /usr/share/nginx/html/ and the flag is at /flag.txt but the website is filtering absolute file paths.

Can you get past the filter to read the flag?

Solution

I initially tried to input usr/share/nginx/html/flag.txt as the filename, as that is where the website files are located and flag.txt should probably be there. However, it said that I was "Not Authorized" when I inputted this. Based on the description, I probably should change the input in some way to bypass the filtering.

My first idea was URL encoding and changing all of the "/" to %2F. This did not work.

Next, I just replaced all the previous directories with ".." since they aren't needed for the command and might be causing issues. So I inputted this into the filename field: ../../../../flag.txt and got the flag.

Flag: picoCTF{7h3_p47h_70_5ucc355_e5fe3d4d}
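Why the filter failed, and the check that would have stopped it, as an added example that is not the challenge's own code: the filter logic (reject input starting with "/") is assumed from the challenge description, the function names are hypothetical, and the directory tree is a constructed sandbox that mirrors the four-level web root.

```python
import os
import tempfile

def naive_filter_allows(filename: str) -> bool:
    # Assumed filter: only absolute paths are rejected.
    return not filename.startswith("/")

def naive_resolve(web_root: str, filename: str) -> str:
    # What the handler ends up opening: web root joined with raw user input.
    return os.path.normpath(os.path.join(web_root, filename))

def safe_resolve(web_root: str, filename: str) -> str:
    # Canonicalise first (collapses ".." and follows symlinks), then require
    # the final path to still sit under the web root.
    root = os.path.realpath(web_root)
    target = os.path.realpath(os.path.join(root, filename))
    if os.path.commonpath([root, target]) != root:
        raise PermissionError("path escapes web root")
    return target

def demo() -> dict:
    """Run each request through both checks inside a constructed sandbox."""
    results = {}
    with tempfile.TemporaryDirectory() as sandbox:
        sandbox = os.path.realpath(sandbox)
        # Constructed layout: <sandbox>/usr/share/nginx/html and <sandbox>/flag.txt
        web_root = os.path.join(sandbox, "usr", "share", "nginx", "html")
        os.makedirs(web_root)
        open(os.path.join(web_root, "index.html"), "w").close()
        open(os.path.join(sandbox, "flag.txt"), "w").close()
        for name in ["index.html", "/flag.txt", "../../../../flag.txt"]:
            passes = naive_filter_allows(name)
            # Where the naive handler would read from, relative to the sandbox.
            opened = (os.path.relpath(naive_resolve(web_root, name), sandbox)
                      if passes else None)
            try:
                safe_resolve(web_root, name)
                safe_ok = True
            except PermissionError:
                safe_ok = False
            results[name] = (passes, opened, safe_ok)
    return results

if __name__ == "__main__":
    for request, outcome in demo().items():
        print(request, outcome)
```

The relative traversal passes the absolute-path filter and resolves to flag.txt outside the web root, while the containment check rejects both it and the absolute path.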