The website is simple. It has a few functionalities that can be accessed. It seems like the website runs a command based on the user's input.

I tried to inject a system command such as ls, and it showed all files in the current directory.

However, it can't be used to show the /etc/passwd file or to run other commands that have a space in them.

I have been playing with some command injection, but it seems useless since nothing is displayed on the web.

cat /etc/passwd
;cat /etc/passwd
; id && ls
whoami && id

However, this challenge also gives us the whole code, so let's do some code review here.

From MonitorModel.php we can see that the code filters "Space" characters and replaces them with "" (nothing). So if you input "My Name", it becomes "MyName".

After that, it executes santa_mon.sh with shell_exec and uses our input as an argument to it.
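
The pattern described above, shown next to a hardened form. This is an added example, not the challenge's MonitorModel.php: the function names, the `./santa_mon.sh` path, the allowlist and the benign value `ups` are assumptions. Nothing is executed; the script only builds and prints the command strings.

```php
<?php
// Added example: hypothetical reconstruction, not the challenge's own code.

// Filter as described in the writeup: remove every space character.
function strip_spaces(string $input): string
{
    return str_replace(' ', '', $input);
}

// Weak pattern: the filtered value is concatenated into a shell command line.
// The string is only built here, never passed to shell_exec.
function build_command_weak(string $input): string
{
    return './santa_mon.sh ' . strip_spaces($input);
}

// Hardened pattern: validate against an allowlist, then quote as one argument.
function build_command_hardened(string $input): ?string
{
    // Assumed allowlist: letters, digits, underscore, hyphen, 1 to 32 characters.
    if (preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $input) !== 1) {
        return null; // reject the request instead of trying to clean the value
    }
    return './santa_mon.sh ' . escapeshellarg($input);
}

// Constructed samples: one benign value plus the inputs tried in the writeup.
$samples = ['ups', 'My Name', 'cat /etc/passwd', ';cat /etc/passwd', '; id && ls', 'whoami && id'];

foreach ($samples as $s) {
    $weak = build_command_weak($s);
    // Count shell control characters that the space filter leaves untouched.
    $survivors = preg_match_all('/[;&|`$()<>]/', strip_spaces($s));
    $hard = build_command_hardened($s) ?? '(rejected)';
    printf("%-20s weak: %-34s metachars kept: %d  hardened: %s\n",
        var_export($s, true), $weak, $survivors, $hard);
}
```

The output shows that removing spaces changes the text but leaves `;` and `&&` in the string handed to the shell, while the allowlist rejects every sample except the plain identifier.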