send the request to burp repeater since we can execute commands this is command injection vulnerability
command injection vulnerability
if we try directly to execute linux commands they will be blocked
searching in PayloadsAllTheThingsarrow-up-right we find a working payload to bypass the restriction being put on this challenge
let's read the file cyberheroines.sh
Last updated 2 years ago
FLAG="CHCTF{t#!$_!s_T#3_w@Y}" echo -n "$FLAG" | sha256sum > cyberheroines.txt
CHCTF{t#!$_!s_T#3_w@Y}
