jail

rbash warmup

Solved By : thewhiteh4t

we can use compgen to check for available commands

compgen -c

another way is to use echo

now the known way of escaping with nc is by getting a shell on our “attacker” box but in this challenge we are not allowed to connect to remote machines so we are left with localhost

actually this is more easy…

nc -lvp 4444 -e /bin/sh &

now we can connect to it !


rbash yet another calculator

Solved By : thewhiteh4t

challenge mentions that filename has been changed this time but it is in the same working directory

so we can again use echo to check the file name

just google “echo read file”