If you like to read our old blogs you are welcome, I4INFO
Hack lu CTF web challenges easy compared to the other CTF, well then basically the bashful, was the easiest of them.
The source code was provided, I started to analyse the source . I could not find anything. I was pretty new to bash type of website. I thought reading about them more. I found something very intresting.
The easiest way to test a web server via HTTP request is to inject the bash command through the user agent. Refer for info.
wget -U '() { :;}; /bin/bash -c "any shell command"' url</blackquote>Thank you for reading the blog!