Root-Me Web Server Challenge Solutions

The following is a walkthrough for solving Root-Me's web server challenges (work in progress).


As always, check the source code for the password.


Command Injection

;cat index.php

flag: S3rv1ceP1n9Sup3rS3cure

Open Redirect

Check the source code. You can see that when an option is selected, you are redirected to, for example, … . We need to figure out what the value following ‘&h=’ is so we can structure our redirect URL accordingly. Using an online MD5 hash-to-text converter, we see the value is the MD5 hash of the particular URL. MD5 hash ‘…’ and note the value. Start Tamper Data and click the Facebook link. Edit the URL so the website redirects to ‘?url=…&h=<MD5 hash of …>’ instead of Facebook. Then submit the page.
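The weakness above is that the ‘h’ value is just an unkeyed MD5 of the URL, so any client can compute a valid one for any destination. The following added example (not part of the original walkthrough or of Root-Me's challenge code) contrasts that scheme with a defensive one: an HMAC over the URL using a server-held secret, plus an allowlist of redirect hosts. The secret value and the allowlist entries are constructed for the example.

```python
import hashlib
import hmac
from urllib.parse import urlparse

# Constructed example secret; a real deployment loads this from configuration.
SERVER_SECRET = b"constructed-example-secret-do-not-reuse"

# Hypothetical allowlist of hosts the application is willing to redirect to.
ALLOWED_HOSTS = {"www.facebook.com", "twitter.com"}


def weak_token(url: str) -> str:
    """The challenge's scheme: h = md5(url), computable by anyone."""
    return hashlib.md5(url.encode()).hexdigest()


def weak_is_valid(url: str, h: str) -> bool:
    """Accepts any URL as long as the client sends md5(url) alongside it."""
    return hmac.compare_digest(weak_token(url), h)


def strong_token(url: str) -> str:
    """HMAC-SHA256 over the URL keyed with the server secret.

    Only code holding SERVER_SECRET can produce this value, so a client
    cannot mint a token for a destination the server never issued.
    """
    return hmac.new(SERVER_SECRET, url.encode(), hashlib.sha256).hexdigest()


def strong_is_valid(url: str, h: str) -> bool:
    """Allowlist the destination host, then verify the keyed token in constant time."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        return False
    if parsed.hostname not in ALLOWED_HOSTS:
        return False
    return hmac.compare_digest(strong_token(url), h)


def redirect_target(validator, url: str, h: str):
    """Return the URL the server would redirect to, or None if it refuses."""
    return url if validator(url, h) else None


if __name__ == "__main__":
    attacker_url = "http://evil.example/"          # constructed attacker-controlled destination
    legit_url = "https://www.facebook.com/"         # the link the page legitimately offers

    # Weak scheme: the forged token is accepted because MD5 needs no secret.
    print("weak  ->", redirect_target(weak_is_valid, attacker_url, weak_token(attacker_url)))
    # Strong scheme: the attacker host is not allowlisted and the MD5 is not a valid HMAC.
    print("strong->", redirect_target(strong_is_valid, attacker_url, weak_token(attacker_url)))
    # Strong scheme still works for the legitimate, server-issued link.
    print("strong->", redirect_target(strong_is_valid, legit_url, strong_token(legit_url)))
```

The allowlist is what actually closes the open redirect; the HMAC is the belt-and-braces part that stops a client from substituting a different allowlisted URL for the one the server issued.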



Use Tamper Data to change the User-Agent from its original value to ‘admin’.

flag: rr$Li9%L34qd1AAe27

HTTP Directory Indexing

Clue: Control + U

<!-- include("admin/pass.html") -->

Navigate to:

I get the feeling you've been had / Got rickrolled?