pwnable.kr-cmd1

题目描述: Mommy! what is PATH environment in Linux? ssh [email protected] -p2222 (pw:guest) cmd1.c的源码为: 看起来过滤了flag,sh,tmp,没有关系,通过shell下面指令拼接可以绕过: “/bin/cat ‘fl”ag’” [email protected]:~$ ./cmd1 “/bin/cat ‘fl”ag’” mommy now I get what PATH environment is for 🙂 所以最终的flag为: mommy now I get what PATH environment is for 🙂   这里更新一种方法: [email protected]:~$ ls cmd1 cmd1.c flag [email protected]:~$ mkdir /tmp/cmd1 [email protected]:~$ cd /tmp/cmd1 [email protected]:/tmp/cmd1$ […]