The website are simple. It have few functionalities that can be accessed. It seems like the website run a command based on user's input.
I try to inject system command such as ls
and it show all files on current directory.
However, it can't be used to show /etc/passwd
file and other commands that have space on it.
I have playing with some command injection but it seems useless since nothing displayed on the web.
cat /etc/passwd
;cat /etc/passwd
; id && ls
whoami && id
However, this challenges also give us the whole code. So let's doing some code review here.
From MonitorModel.php
we can see that the code doing some filter to "Space"
and replace it with ""
or nothing. So if you input "My Name"
it will become "MyName"
.
After that, it will execute santa_mon.sh
with shell_exec
and use our input as an argument for it.