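"""Small Flask app: serves an index page, cat images, and a su-backed command endpoint."""
from flask import Flask, request, send_file, send_from_directory
import os
import shlex

app = Flask(__name__)


@app.route("/")
def hello_world():
    """Return the contents of index.html (path relative to the working directory)."""
    # Context manager closes the handle; the bare open().read() left that to the GC.
    with open('index.html', 'r') as page:
        return page.read()


@app.route('/get_cat', methods=['GET'])
def get_cat():
    """Send the file named by the ``cat_name`` query parameter from ./cats.

    A missing ``cat_name`` raises Flask's bad-request key error (HTTP 400).
    """
    # cat_name is attacker-controlled. Concatenating it onto './cats/' and
    # handing the result to send_file lets '../' segments resolve to files
    # outside the directory. send_from_directory joins the name safely and
    # answers 404 for anything that escapes ./cats or does not exist.
    return send_from_directory('./cats', request.args['cat_name'])


@app.route('/5h3ll')
def shell():
    """Run ``command`` as ``login`` through ``su`` and return its stdout.

    Reads ``login``, ``password`` and ``command`` from the query string; a
    missing parameter raises Flask's bad-request key error (HTTP 400).
    """
    login = request.args['login']
    password = request.args['password']
    command = request.args['command']
    # NOTE(review): this endpoint executes arbitrary commands for anyone who
    # knows a local account's password. Points to confirm before exposing it:
    #   - the obscure route name is not access control, and nothing here
    #     limits repeated password attempts;
    #   - credentials travel as GET query parameters, which typically end up
    #     in access logs and browser history;
    #   - the password is embedded in the shell command string, so it is part
    #     of the spawned shell's command line;
    #   - shlex.quote stops shell metacharacter interpretation but not option
    #     parsing: a login that starts with '-' still reaches su as an option.
    pipeline = (
        'echo ' + shlex.quote(password)
        + ' | su ' + shlex.quote(login)
        + ' -c ' + shlex.quote(command)
    )
    # Close the pipe deterministically instead of leaking it until GC.
    with os.popen(pipeline) as pipe:
        return pipe.read()

#ctf{3rr0r_m3ss4g3a_15_cu73} - flag for stage 2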