
@ma1f0y
Last active December 19, 2021 12:44

Figlet

description

Here is a figlet as a service, it's only running the "figlet" command, try to hack it!

Aneesh

write-up

Analysis

In this challenge we can enter some text and the app displays it in figlet format. From the description we can see that the backend of the web app runs the figlet command, so we can try command injection payloads.

We can see that some characters are blocked/filtered, but the filter can be easily bypassed using the $() trick (shell command substitution).

solution

$(ls) to get the list of files

$(cat flag.txt) to get the flag
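
Why a character blocklist does not stop this, and how a backend can avoid the shell altogether, as an added example (not the challenge's code, which the write-up does not show). `BLOCKED` is a hypothetical blocklist, the function names are made up for illustration, and `echo` stands in for `figlet` so the block runs where figlet is not installed.

```python
import subprocess

# Assumptions: the real backend is not shown in the write-up. BLOCKED is a
# hypothetical blocklist and "echo" is a stand-in for the figlet binary.
RENDERER = "echo"
BLOCKED = set(";|&`<>")
MAX_LEN = 200


def passes_blocklist(text: str) -> bool:
    """Character filter of the kind the write-up describes (hypothetical)."""
    return not any(ch in BLOCKED for ch in text)


def render_vulnerable(text: str) -> str:
    """Builds a shell command line from user input.

    The shell performs command substitution on $(...) before the renderer
    is started, and "$", "(" and ")" are not on the blocklist.
    """
    if not passes_blocklist(text):
        return "blocked"
    proc = subprocess.run(f"{RENDERER} {text}", shell=True,
                          capture_output=True, text=True, timeout=5)
    return proc.stdout.strip()


def render_hardened(text: str) -> str:
    """Runs the renderer without a shell.

    The text is passed as a single argv element, so no shell syntax in it
    is interpreted; the renderer receives the characters literally.
    """
    if len(text) > MAX_LEN:
        raise ValueError("input too long")
    proc = subprocess.run([RENDERER, text],
                          capture_output=True, text=True, timeout=5)
    return proc.stdout.strip()


if __name__ == "__main__":
    sample = "$(echo INJECTED)"  # constructed, harmless input
    print("vulnerable:", render_vulnerable(sample))
    print("hardened:  ", render_hardened(sample))
```

With a real renderer that parses command-line options, input beginning with `-` also needs handling, for example by placing the program's end-of-options marker before the text.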
