Cyber Apocalypse 2023

Gunhead

Solved by Legend

Challenge description

During Pandora’s training, the Gunhead AI combat robot had been tampered with and was now malfunctioning, causing it to become uncontrollable. With the situation escalating rapidly, Pandora used her hacking skills to infiltrate the managing system of Gunhead and urgently needs to take it down.

We are provided with a URL and docker file for the challenge.

The website running showing the status report of the combat robot along with a command prompt to run some commands.

Going through the docker file I found a hint.

Here shell_exec is running which runs a command in a shell and returns the result of the output. And the hint suggested that it’s not sanitized so we can try to escape it and run shell commands.

It worked. So now we can simply read the flag.