PHP Command Injection

We got some interesting site where we can ping a site.

ping

As name suggestes, lets greb the request and play around it.

ummhmm, interesting

image

As the challenge said, we must need to read the index.php. So, Lets try to read it via command injection. Soultion is in challange name :P

nice, we can see the index.php is in parent directory.

ls -a

Lets try to cat it out. We got the index.php.

<?php 
$flag = "".file_get_contents(".passwd")."";
if(isset($_POST["ip"]) && !empty($_POST["ip"])){
        $response = shell_exec("timeout -k 5 5 bash -c 'ping -c 3 ".$_POST["ip"]."'");
        echo $response;
}
?>
index.php

huh, Well everything is clear, I just cat out the .passwd file and submitted it. Simple ? yes, Lets try to make a script to solve the challenge.