Challenge exercise injection attacks


I need help with the final task, I tried everything

This challenge is made to be a little harder than the examples seen in the Guided Exercises.

You are exploiting correctly (command injection) but your exploit is not showing you any output from the flag2.sh script.

If running the script is not giving you what you need, what else could you do with it?

FWIW, I was lost too, so I used command injection to make my own script (moo.sh) and run that. It worked fine, and I saw the script output. So that told me there was something tricky being done inside flag2.sh.

Hey there - I’ve included a Hint from the instructor’s solution guide below.

HINT: Is it appearing on the normal output? Recall file descriptors (FD).

File Descriptors were covered in a Note at the end of the Guided Exercise / Part 2. However, as I’m reading this over, I don’t think the Note sufficiently explains how to apply this concept in practice. I’m going to publish some updates to that Note momentarily.

ooo so maybe I need to change the file descriptor, right?

thx I got the flag!!!

2 Likes