It is simple command injection in the input box we can use ` characters
all commands have to be enclosed in `` chars
now if we list files using
we can see
index.php when we
we can see the code!
certain characters are
blacklisted we can only enter command less that
but there is no
flag.txt here, if we simply execute
then we can see flag.txt
fails because length of payload exceeds 15
payload to get flag :
linux redirection character!
< is NOT blacklisted!
In this challenge we were supposed to access internal files by spoofing client IP address, this can be done using
$ curl -H “X-Forwarded-For: 127.0.0.1” http://challenge.nahamcon.com:31428/