The challenge starts with a URL:
Based on the URL, you can tell that the server is using the variable path to get files.
You can abuse this to look around the filesystem, but there is a filtering system in place to stop you.
Use (double) URL encoding to get around that.
More detailed, original writeup: