## smartcat3 (web)

This task was another web ping utility, similar to one from the teaser. We were able to submit a text, which would then
be passed to `ping` command, like so: `ping -c 1 OUR_TEXT`. This asks for shell command injection - it was not that easy
though, since server filtered most metacharacters, such as `$&|` and others. Some special characters were allowed though - in
particular, `<>()`. Using those, and bash's so called "process substitution" (which we found in `man bash`), we were able to
execute commands like `ping -c 1 <(ls)`. Note that this did not give us any output on the web interface - the server returned
only whether the command succeeded or not.

First problem we had to deal with, was filtering of spaces. With `$` disallowed too, we were not able to use `${IFS}` or similar
constructs, but we could still redirect any text to any file, for example:
This command, when used in process substitution context, should create file `/tmp/p4Rocks` with `ls` in it (from ASCII codes).
Later, we could simply execute this script using `<(python

Original writeup (https://github.com/p4-team/ctf/tree/master/2016-03-18-insomnihack-final/web_smartcat3).