Tags: web rce 

TLDR

`input=asd;ls` returns a listing of the directory the web app is running in, encoded in base64. `input=asd;cat flag` returns the contents of the `flag` file, but it only says "haha, you're not done yet". `input=asd;cat Dockerfile` reveals a Docker image.

![](https://toranova.xyz/scompute/wp-content/uploads/2022/04/pic-selected-220403-1531-18.png)

Pull and run the image to get the flag.

![](https://toranova.xyz/scompute/wp-content/uploads/2022/04/pic-selected-220403-1656-02-1024x57.png)
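Why `asd;ls` runs a second command, and how to close the hole, as an added example that is not part of the original writeup or the challenge's code. The server side is not shown on the page, so the handler names and the use of `echo` are assumptions; the probe uses a harmless `echo INJECTED` in place of `ls`.

```python
import base64
import re
import subprocess

# Hypothetical handlers: the challenge's real server code is not on the page.

def handle_vulnerable(user_input: str) -> str:
    """Interpolates the parameter into a shell command line (the bug)."""
    # /bin/sh parses ';' as a command separator, so anything after it runs too.
    out = subprocess.run(
        f"echo {user_input}", shell=True, capture_output=True, timeout=5
    ).stdout
    return base64.b64encode(out).decode()

def echo_argv(user_input: str) -> str:
    """No shell: the whole value is a single argv element, i.e. plain data."""
    out = subprocess.run(
        ["echo", user_input], capture_output=True, timeout=5
    ).stdout
    return base64.b64encode(out).decode()

# Allowlist: no shell metacharacters, and no leading '-' (option injection).
ALLOWED = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}")

def handle_hardened(user_input: str) -> str:
    """Validate against the allowlist first, then run without a shell."""
    if not ALLOWED.fullmatch(user_input):
        raise ValueError("rejected input")
    return echo_argv(user_input)

def decode(b64: str) -> str:
    """Undo the base64 wrapping the app puts around its output."""
    return base64.b64decode(b64).decode()

if __name__ == "__main__":
    probe = "asd;echo INJECTED"  # constructed stand-in for the page's payload
    print("vulnerable:", repr(decode(handle_vulnerable(probe))))
    print("argv only :", repr(decode(echo_argv(probe))))
    try:
        handle_hardened(probe)
    except ValueError as exc:
        print("hardened  :", exc)
```

The argv form alone already stops the injection; the allowlist is defence in depth and gives a clean rejection that can be logged and alerted on.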

Original writeup (https://toranova.xyz/scompute/?p=321).