Moo
In this challenge, we need to escape the restricted shell we are in.
First we can try some commands to see what is working and what is not:
So as we can see, a lot of commands are restricted. But the echo one is not.
So now we know that our path is in the /usr/local/rbin folder. In this folder are the following files:
First I started looking at the rbash file:
I thought that it has something to do with the bash -r but in fact it was linked to the cowsay. If we check the GTFObins page of this binary we see that we can in fact run commands with it:
Now that we know that and that we know we can run vim (present in our path), we can write a file that will execute a shell:
Now we can save it and run it with cowsay:
Now that we escaped, we can run any command in the terminal. Lets try the one they told us we can’t run. And… Voila:
