https://blog.zars.me/tags/bash/Recent content in Bash on Tyler's BlogHugoen-us© AthulMon, 10 Jul 2023 12:13:32 +0530https://blog.zars.me/posts/pwnable/cmd1/Mon, 10 Jul 2023 12:13:32 +0530https://blog.zars.me/posts/pwnable/cmd1/Starting to solve the pwnable.kr series of problems! Provided Source #include <stdio.h> #include <string.h> int filter(char* cmd){ int r=0; r += strstr(cmd, "flag")!=0; r += strstr(cmd, "sh")!=0; r += strstr(cmd, "tmp")!=0; return r; } int main(int argc, char* argv[], char** envp){ putenv("PATH=/thankyouverymuch"); if(filter(argv[1])) return 0; system( argv[1] ); return 0; } Breaking this down, we can see three main parts: Reset the $PATH to only include one entry Filter the input to no include any strings Run system() Solving The $PATH holds the main directories for where binaries are located, allowing for users to just run something short like pwd instead of /bin/pwd.