This challenge was the second part of the YWS challenge where a custom web server was hosting a website. From YMS, we found that there was a directory traversal bug that allowed us to list the files in the root directory. We could see that the root directory contained what appeared to be the flag.txt file we needed to read.
Sending a request for something that doesn't exist returns "Could not find <Input>". Attempting to retrieve the flag with "GET /../flag.txt HTTP/1.1" does not return anything from the server.
To get a better understanding of what is happening we open up the binary in IDA Pro. We locate the function responsible for handling the request at address 0x400D00. During the parsing of the request the function attempts to sanitize any requests that contain a "../" by rewinding the buffer to the first "/" before these characters. If one does not exist in the buffer, a buffer underflow occurs because the routine attempts to find a "/" anywhere in on the stack at a lower memor