Challenge Name: Ping-Pong
Author :L0xm1
Challenge Description
A simple ping service .Is it vulnerable?
Writeup
When you visit the challenge link ,we are welcomed with "Enter the hostname to ping Example: /ping?address=google.com"
When we visit the /ping endpoint with ?address={hostname to ping}and give /ping?address=google.com ,we get the ping response of google.com.
Here if we give /ping?address=google.com|ls we can get the contents in the directory i.e (app.py flag.txt templates)
When we try /ping?address=google.com|cat flag.txt it throws out an error Not Allowed which indicates cat is blacklisted.
We can use head,more,tail etc to read the flag.
When we give /ping?address=google.com|head flag.txt we get the flag.
FLAG
shaktictf{c0mm4nd_1nj3cti0n_iz_3asy_right??}