We are presented with web page tool that takes as input a file name on the server and, using the sha256sum utility on the command line, outputs the hash of that file.


We are invited to try the `/etc/hosts` file, I then try `/etc/passwd` and other common files and the tool dutifully spits out their hash. I try `/flag.txt` and `/root/flag.txt` but it is `flag.txt` that reveals the file is in our current directory.

Playing with some different inputs it became clear that some special characters were allowed


but most were not.


I did actually write a quick script to find the full list of available characters which might have been a little overkill but it did reveal that `!"#$%&', "'", '()*+-;<=>@\^_{|}` were all restricted and only `,./:?[]~ \t\n\r` were allowed outside of `A-z0-9`,

The new line character immediately looked promising, and indeed submitting `flag.txt\ncat flag.txt` gets us the flag.