picoGym – caas challenge Write-up:

Challenge description

“Now presenting cowsay as a service”

Category: Web Exploitation

Link. Link to included file: index.js


After downloading the index.js file, this snippet of code stood out


It seems like the webapp is executing cowsay straight from the commandline, from the path /usr/games/cowsay. My first thought is to try to pipe the result into another command. Normal usage of the site would result in something similar to the following image:

A normal result from cowsay

But what if we try to pipe the result into something else?

grep seems to work, let’s try another
And now to grab our flag 🏁

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: