
Compressor

Overview


Compressor is a Misc challenge from the 2022 HackTheBox Cyber Apocalypse CTF that features a restricted shell/jail application.

Enumeration


After using netcat to connect to this service, we can see it is some form of restricted shell. We view the options and choose the one that says it runs pwd; ls -la.


We verify this option, and the output looks correct. Now let's see what the other options do.


We created a file that has the contents of /bin/bash and used the program to read the file contents back to us as well. Nothing out of the ordinary, but we could try some methods of exploitation.

Exploit - Command Injection


We will now try to chain commands together to see whether this program is just executing our input without any sanitization.


Success! Looks like we have a form of command execution that is outside their specified options. We were able to run echo and ls -la. We will now try to find the flag for the challenge.


We can see the flag is luckily in the ctf directory. We are able to read it. Challenge complete!
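
The root cause behind the chaining seen above, as an added example that is not the challenge's own code (its source is not shown in this post): a hypothetical file-reading menu option, first pasting input into a shell string, then validating the name and calling cat without a shell. The function names and the sample input are constructed, and a POSIX system with sh and cat is assumed.

```python
import os
import re
import subprocess
import tempfile

# Allowlist for file names: no spaces, slashes or shell metacharacters.
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]{1,64}")


def read_file_vulnerable(workdir, name):
    # Weak pattern: the input is pasted into a string that /bin/sh parses,
    # so ';', '&&', '|' and '$( )' inside `name` become shell syntax.
    return subprocess.run(f"cat {name}", shell=True, cwd=workdir,
                          capture_output=True, text=True).stdout


def read_file_hardened(workdir, name):
    # 1. Validate against an allowlist instead of stripping "bad" characters.
    if not SAFE_NAME.fullmatch(name) or name in (".", ".."):
        raise ValueError("rejected file name")
    # 2. No shell: the name is a single argv entry, and '--' ends option
    #    parsing so a name starting with '-' is not read as a cat flag.
    return subprocess.run(["cat", "--", name], cwd=workdir,
                          capture_output=True, text=True).stdout


def demo():
    # Constructed sandbox: a temp directory holding one harmless file.
    with tempfile.TemporaryDirectory() as workdir:
        with open(os.path.join(workdir, "note.txt"), "w") as f:
            f.write("hello\n")
        chained = "note.txt; echo INJECTED"  # constructed sample input
        weak = read_file_vulnerable(workdir, chained)
        try:
            strong = read_file_hardened(workdir, chained)
        except ValueError as exc:
            strong = f"error: {exc}"
        normal = read_file_hardened(workdir, "note.txt")
        return weak, strong, normal


if __name__ == "__main__":
    for label, value in zip(("vulnerable", "hardened", "normal"), demo()):
        print(f"{label}: {value!r}")
```

A jail built this way also benefits from running each menu action as an unprivileged user in a directory that holds nothing sensitive, so a missed validation case does not expose files such as the flag.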

This post is licensed under CC BY 4.0 by the author.