🌐 Sigma Linter

This was a web-based challenge, and the description says something related to command-line tools. Let’s try to solve this.


After starting the instance, I visited the webpage, and this is what we get to see:


These are all YAML files. I went through each of the files in the example section, and this one stood out:


The registry_modification.yml shows an error when I try to run it. I searched for any exploit available for YML files, and I got this:


<https://net-square.com/yaml-deserialization-attack-in-python.html>

A YAML deserialization attack abuses Python YAML libraries (like PyYAML) when they deserialize untrusted YAML using unsafe loaders. Special YAML tags can instruct the loader to construct arbitrary Python objects (including ones that run code), letting an attacker execute commands or read files.
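
The defensive side of this, as an added example that is not part of the original write-up or the challenge's code: with PyYAML, untrusted rule text is parsed with the safe loader only, and Python-specific tags can be flagged by walking the node graph without constructing any objects. The sample documents are constructed, and `find_python_tags` and `load_rule` are hypothetical helper names.

```python
import yaml

# Constructed sample inputs, not taken from the challenge.
BENIGN_RULE = """\
title: Registry Modification
logsource:
  product: windows
detection:
  selection:
    EventID: 13
  condition: selection
"""
# Carries a Python-specific tag; the referenced function is harmless and is never called here.
TAGGED_DOC = """\
title: Registry Modification
detection: !!python/object/apply:os.getcwd []
"""

PYTHON_TAG_PREFIX = "tag:yaml.org,2002:python/"


def find_python_tags(text):
    """Hypothetical helper: list (tag, line) for python/* tags without constructing objects."""
    found, seen = [], set()
    stack = [yaml.compose(text, Loader=yaml.SafeLoader)]  # node graph only
    while stack:
        node = stack.pop()
        if node is None or id(node) in seen:  # empty document, or alias already visited
            continue
        seen.add(id(node))
        if node.tag.startswith(PYTHON_TAG_PREFIX):
            found.append((node.tag, node.start_mark.line + 1))
        if isinstance(node, yaml.SequenceNode):
            stack.extend(node.value)
        elif isinstance(node, yaml.MappingNode):
            for key, value in node.value:
                stack.extend((key, value))
    return found


def load_rule(text):
    """Hypothetical helper: parse untrusted rule text with the safe loader only."""
    try:
        return yaml.safe_load(text)
    except yaml.constructor.ConstructorError as exc:
        raise ValueError(f"rejected unsafe YAML: {exc.problem}") from exc
```

The safe loader builds only plain scalars, lists and mappings, so the tagged document is refused before any Python object is created.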