As we step into the Moonbeam Tavern, we are greeted with an eerie interface whispering a challenge: uncover the hidden command injection vulnerability.
We begin interacting with the terminal. It welcomes us with a hint: ; for command injection.
We immediately test classic payloads like ; whoami, ; id and ; ls.
These do not return output by default, so we prefix them with an existing command such as examine, giving examine ; whoami.
The result is printed: root ✅. This confirms command execution.
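One way the behaviour above could arise, and its fix, as an added example (not code from the challenge, whose backend the write-up does not show): a handler that validates only the verb and pastes the rest of the line into a shell string, next to a version that never invokes a shell. The verb set, item table and function names are assumptions made for illustration.

```python
import subprocess

# Hypothetical verb set and item table; only "examine" appears in the write-up.
VERBS = {"examine", "look"}
ITEMS = {
    "barrel": "An oak barrel that smells of stale mead.",
    "lantern": "A lantern burning with a pale blue flame.",
}


def build_shell_line(user_input):
    """Vulnerable pattern: the verb is validated, the rest is pasted into a shell line."""
    verb, _, rest = user_input.strip().partition(" ")
    if verb not in VERBS:
        return None  # unknown verb: nothing reaches the shell, so nothing is printed
    return "echo You " + verb + " " + rest  # rest may contain ';' and a second command


def run_vulnerable(user_input):
    line = build_shell_line(user_input)
    if line is None:
        return ""
    # shell=True hands the whole string to /bin/sh, which splits it at ';'
    done = subprocess.run(line, shell=True, capture_output=True, text=True)
    return done.stdout


def run_hardened(user_input):
    """Hardened form: no shell at all, exactly one argument, matched against an allowlist."""
    parts = user_input.strip().split()
    if len(parts) != 2 or parts[0] not in VERBS:
        return "Unknown command."
    return ITEMS.get(parts[1], "You see nothing like that here.")


if __name__ == "__main__":
    # Constructed inputs; "echo INJECTED" is a harmless marker command.
    for text in ("; echo INJECTED", "examine ; echo INJECTED", "examine barrel"):
        print(repr(text), "->", repr(run_vulnerable(text)), "|", repr(run_hardened(text)))
```

The root result above is a second finding in its own right: running the service as an unprivileged user limits what a missed injection can read.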
From there, we enumerate the file system:
examine ; ls -la /, examine ; ls -la /etc, examine ; ls -la /home... until we find something interesting.
Finally, we strike:
examine ; cat /app/flag.txt and the flag is revealed! Mission accomplished in the shadows of the tavern.
The atmosphere, the medieval theme, and the technical twist made this a truly enjoyable challenge. 🏆