The following source code is provided for this task :

#include <stdio.h>
#include <string.h>

#define yes_len 3
const char *yes = "yes";

int main()
char flag[99];
char permission[10];
int i;
FILE * file;

file = fopen("/problems/absolutely-relative_0_d4f0f1c47f503378c4bb81981a80a9b6/flag.txt" , "r");
if (file) {
while (fscanf(file, "%s", flag)!=EOF)

file = fopen( "./permission.txt" , "r");
if (file) {
for (i = 0; i < 5; i++){
fscanf(file, "%s", permission);
permission[5] = '\0';

if (!strncmp(permission, yes, yes_len)) {
printf("You have the write permissions.\n%s\n", flag);
} else {
printf("You do not have sufficient permissions to view the flag.\n");

return 0;

We can see that this is reading two important files :

1. `/problems/absolutely-relative_0_d4f0f1c47f503378c4bb81981a80a9b6/flag.txt`:
the flag. We don't have permission to read it ourselves, so we have to read
it through the program.
2. `./permission.txt` : the file used by the program to determine whether we are
allowed to see the flag file's content.

The program is simply checking if the `permission.txt` file contains the string
`yes`, but the `permission.txt` file in the task directory contains the
string `no` and we don't have write permission on it.

What we can exploit is the way the paths to these files are specified : the path
to the flag file is absolute, but the path to the permission file is relative,
meaning the `permission.txt` file will be read from the current working
directory. We can then just navigate to our home directory, create a
`permission.txt` file there that contains `yes` and run the program from there.

When we do that, we get the flag : `picoCTF{3v3r1ng_1$_r3l3t1v3_3b69633f}`.

Original writeup (http://blog.iodbh.net/picoctf2018-misc-miscellaneous-absolutely-relative.html).