Grace Hopper

send the request to burp repeater since we can execute commands this is command injection vulnerability

if we try directly to execute linux commands they will be blocked

searching in PayloadsAllTheThings we find a working payload to bypass the restriction being put on this challenge

let's read the file cyberheroines.sh

FLAG="CHCTF{t#!$_!s_T#3_w@Y}"
echo -n "$FLAG" | sha256sum > cyberheroines.txt

CHCTF{t#!$_!s_T#3_w@Y}

Last updated 1 year ago

Was this helpful?