| Step | Technique | Why it mattered | |------|------------|-----------------| | 1️⃣ | | Confirmed FTP with anonymous login. | | 2️⃣ | Anonymous login | Gained immediate access to the file system. | | 3️⃣ | Recursive download / SHOWDOTS | Bypassed the default “hide dotfiles” behavior to reveal hidden directory. | | 4️⃣ | Locate hidden credentials | Discovered admin username/password for the web panel. | | 5️⃣ | Web login | Pivoted from FTP to the web admin interface. | | 6️⃣ | Backup download | Obtained a tarball containing the flag file. | | 7️⃣ | Extract flag | Simple tar extraction yielded flag.txt . |
Govardhan refreshed the page. There it was: "Final_Payroll.xls". It was sitting safely on the server, ready for the Head Office to collect.
