RingZer0-219 - Bash Jail 2
Bash
Bash jail 2
Reading the code
Characters not allowed
if [[ $1 == *[bdks’;’’&’’ ’]* ]]
This part prevent us from using a couple of different characters (bdks)
Also you’re not allowed of using ; & and a space.
Those are the biggest contraints.
Conditions
if check_space "$input"
then
echo -e '\033[0;31mRestricted characters has been used\033[0m'
else
output="echo Your command is: $input"
eval $output
fi
If we read the code we need to land in the else condition and
have a command that will be able to output whatever the file flag.txt has.
The command must not have an b,d,k,s,;,&, espace character.
The tricky part is the fact that the command cannot have a space character.
https://jon.oberheide.org/blog/2008/09/04/bash-brace-expansion-cleverness/
The url has a article where someone shows how brace expansion allows you to formulate commands without using a space character.
{echo,hello,world}
Would output : hello world
Knowing that we can use the pipe to send the command that we wish to use.
Solution
The cat
command respects the restriction from the if and will allow us to output the content of flag.txt
|{cat,flag.txt}