Bash is always awesome. As a CTF player, I’ve tasted some jail challenges based on the bash shell.
Last night, my friend asked me to help solve a pwnable.kr problem - another jail.
We can input a string; if it passes the filter function, it’ll execute in rbash (restricted bash) with no init environment. The filter function looks like:
So I took a shot at it.
Not too hard, in my opinion. You can still use shell variables, and there’s a good predefined one
We can use some basic bash string operators to reshape it into the command we want.
/bin/rbash -> hash -> help -> (our command)
You got the idea, huh? So I’ve extended it to a larger case and named the project
bashfuck (cuz it’s weird like other languages: brainfuck, jsfuck)
You can find the source code here: bashfuck 🙂
Have fun guys! 😀