PHP

Dojo #30 - Terminal isolation

by Brumens
drag_indicator
info
drag_indicator
inputs
drag_indicator
inspect

Terminal isolation - Dojo #30

Active until : 7th Mars - 2024

How to submit your report

  1. Visit the Dojo program at https://yeswehack.com/programs/dojo
  2. Click on submit report
  3. Login or create your account
  4. Submit your report

Description

Break free from the isolation, get a Remote Code Execution (RCE) and steal the flag!

~ The flag can be found in the file : flag.txt.

Goal

BRUTE FORCE IS NOT ALLOWED! (Applies only to the Dojo challenge page itself.)

A valid solution for the challenge must meet these requirements:

  • Your report must include a proof of concept (POC) showing how you obtained the flag
  • The flag must be included in the report

Hints

Hint #1
expand_more

Read the PHP escapeshellarg function

Hint #2
expand_more

spaces is overestimated

Solution

Read the solution
expand_more

A good hacker never reveals its secrets.

drag_indicator
waf
INPUT
OUTPUT
drag_indicator
code
drag_indicator
result