# Pwn4

We're given a program. Let's see what it does.


Look like it's executing the `ls` command, passing whatever arguments go into it.

This is a classic command injection attack. We can simply just inject our command by passing `&&` followed by our command, meaning "execute this command, AND the one following it."

Let's run this attack on the live server copy of the program.


Original writeup (https://github.com/shawnduong/ctf-writeups/blob/master/2019-TAMU/Pwn/Pwn4.md).