Tags: web 


## Easter Egg: Crystal Gate - Web 446:

**Description:** I don't wanna go anywhere.
**Difficulty:** Easy
**Solved by:** Tahar

Open the URL, after simple and quick directory bruteforcing we find a directory **.git**. We download the Index file: ****. We open that downloaded file using a Hex Editor and theb we find an interesting folder/file!!

**** The hint is saying **Note2: I can't seem to remember the param. It's "file"** We use that file parameter and exploit it. It is an **LFI Vulnerability (Local File Inclusion)**.

**** We use this URL to exploit the vulnerability, and it becomes:
``````. We find too many files and the interesting one was **TheEgg.html**.

When we open that file:
**** we get the flag!


Original writeup (https://github.com/ImperiumCTF/Writeups/blob/master/TUCTF%202018/Web/Easter_Egg:_Crystal_Gate.md).