RingZer0-220 - Bash Jail 3
Bash
Bash jail 3
Reading the code
Characters not allowed
if [[ $1 == *[bdksc]* ]]
This part prevent us from using a couple of different characters (bdksc)
Redirections
There’s also a few other problems that we face.
WARNING: this prompt is launched using ./prompt.sh 2>/dev/null
On the top it says that everything that is an STDERR gets redirected to /dev/null
And if we look at the output
output=`$input` &>/dev/null
STDOUT and STDERR also gets redirected to /dev/null
Solution
We only have another way out it’s using the STDIN (0)
The only command that i found that was usuable was eval
By using eval and the content of flag.txt, we can output the error in the STDIN
eval $(< /home/level3/flag.txt) 2>&0
./real.sh: line 39: FLAG-s9wXyc9WKx1X6N9G68fCR0M78sx09D3j: command not found