23 lines
581 B
Python
23 lines
581 B
Python
|
from flask import Flask, request,send_file
|
||
|
import os
|
||
|
import shlex
|
||
|
|
||
|
app=Flask(__name__)
|
||
|
|
||
|
@app.route("/")
|
||
|
def hello_world():
|
||
|
return open('index.html','r').read()
|
||
|
|
||
|
@app.route('/get_cat', methods=['GET'])
|
||
|
def get_cat():
|
||
|
return send_file('./cats/'+request.args['cat_name'])
|
||
|
|
||
|
@app.route('/5h3ll')
|
||
|
def shell():
|
||
|
login=request.args['login']
|
||
|
password=request.args['password']
|
||
|
command=request.args['command']
|
||
|
return os.popen('echo '+shlex.quote(password)+' | su '+shlex.quote(login)+' -c '+shlex.quote(command)).read()
|
||
|
|
||
|
#ctf{3rr0r_m3ss4g3a_15_cu73} - flag for stage 2
|