RingZer0-218 - Bash jail 1
Bash
Bash jail 1
Reading the code
while :
do
echo “Your input:”
read input
output=`$input`
done
The code is pretty straight forward, the script will execute the command that we send.
Spawning a shell
We need to spawn a shell at first.
/bin/bash
or
/bin/sh
Should do the work.
Solution
We know that the file containing the flag is located at /home/level1/flag.txt
We’re also not getting any output form the commands we’re typing.
For example ls -l does not give any output but we can see the errors in the
terminal.
So we need to find a way to output as an error the content of flag.txt
We can try to modify a file that has the name of the content of the flag.txt We’ll be getting an error because the file doesn’t exit and we’ll be able to see the flag.
sh-4.3$ tee $(cat /home/level1/flag.txt)
tee: FLAG-U96l4k6m72a051GgE5EN0rA85499172K: Permission denied
The flag is : FLAG-U96l4k6m72a051GgE5EN0rA85499172K