**Title:** Very Old Website

**Description:** We have checked our very old website whether it contains a vulnerability. But lucky we were unable to find anything. Can you check, just to be sure?

**Flag:** Three flags (of different levels)

- `IG{1-IchBinKeinNetScapeNavigator}`
- `IG{2-GoodJobCoconut}`
- `IG{3-0PHP0IS0FUN0!}`

**Hints:**

- First flag: `Mozilla/5.0`
- Second flag: `Read the REAL /password.txt`
- Third flag: `$PS1, $PWD, $UID, $SHELL`

**Files given:** _None_

**How the challenge works:**

1. Change the useragent to `Navigator/` (or a real Netscape useragent string)
2. First flag: `X-Flag` header on `/`
3. Read `http://ip/robots.txt`
4. Fake files: `http://ip/password.txt`, and `http://ip/flag.txt`
5. Check source of `http://ip/admin/`
6. See possible path vulnerability: `?p=login.php`
7. Try `?p=../../../../../../password.txt`
8. Does not work, `..` replaced with `.`
9. Retry with `?p=.../.../.../.../.../.../password.txt`
10. Hurray password!
11. Log in using these credentials on `http://ip/admin/`
12. Hurray another flag: `<input type="hidden" name="flag">`
13. Remote Code Execution, send payload `phpinfo()` using admin panel.
14. Refresh `http://ip/`
15. Find third flag.

**How to deploy:**

```
./docker.sh
```

**How to stop:**

```
docker stop very-old-website
```

Container is automatically removed!