Escaper

Web 500

Description

"I cannot escape my reality, can you escape it?"

Initial Exploration

Upon visiting the challenge webpage, I noticed an input field that accepted user input. Given the challenge name and description, I suspected it involved escaping a restricted environment or bypassing input sanitization.

Exploit

Through testing different inputs, I discovered that the input field was vulnerable to command injection. I used the following payload to retrieve the flag:

sth -or -exec cat ../flag.txt ; -quit

This worked because:

  • The application likely executed user input as part of a command-line operation.
  • The -or -exec portion injected a new command (cat ../flag.txt) to read the flag file.
  • The -quit ensured proper execution and clean exit.

Flag

FlagY{**********}