BASH Command Injection | PicoCTF 2017 [40] "Flagsay

BASH Command Injection | PicoCTF 2017 [40] "Flagsay_1"

Рет қаралды 8,566

Күн бұрын

Пікірлер: 15

@MrAboyobam 6 жыл бұрын

it also works if you just input $(cat flat.txt), there is no need to escape out of the initial echo command. but anyway it does the same in the end

@SREagle1 6 жыл бұрын

Just a hint for pronounciation: the "ß" in one of your patreons names, Jan Groß, may look similar to a B, but is actually a ligature, kind of a "double letter", and quite literally is two s'es (like w is historically a ligature of two u's or two v's). So the name is really spoken like the english "gross". Coincidentally groß is german for big. And like always: nice write up!

@mrnano1991 6 жыл бұрын

John, please create a video about you, and how you became a hacker. How you learn all these stuff and some tips for the newcomers. That would be awesome.

@mehh5505 6 жыл бұрын

That was an easy one. Want to see you soon solving HackTheBox *retired* challenges ☺️

@_JohnHammond 6 жыл бұрын

YEAH! I heard some of the challenges are being retired! I definitely want to showcase those, if I do have them solved! Do you know which are being retired?

@mehh5505 6 жыл бұрын

John Hammond that would be awesome. Hackthebox would announce that which would retire first ☺️

@Affael 6 жыл бұрын

why is it that when i try ls without the #, it gives me the structure of the root folders like bin, etc, opt ... ?

@_JohnHammond 6 жыл бұрын

I saw this too, and realized it -- kind of funny. It's interpreting the `/` forward-slash at the start of the flag ASCII image, and thinks you are literally requesting to view the contents of the root directory.

@Affael 6 жыл бұрын

John Hammond that makes sense, thank you. pretty funny