sch9_ctf_3/run-offline/vim_and_cats/server.py

23 lines
581 B
Python
Raw Permalink Normal View History

2023-07-13 11:28:55 +00:00
from flask import Flask, request,send_file
import os
import shlex
app=Flask(__name__)
@app.route("/")
def hello_world():
return open('index.html','r').read()
@app.route('/get_cat', methods=['GET'])
def get_cat():
return send_file('./cats/'+request.args['cat_name'])
@app.route('/5h3ll')
def shell():
login=request.args['login']
password=request.args['password']
command=request.args['command']
return os.popen('echo '+shlex.quote(password)+' | su '+shlex.quote(login)+' -c '+shlex.quote(command)).read()
#ctf{3rr0r_m3ss4g3a_15_cu73} - flag for stage 2