
Category: Web
Difficulty: Easy
Challenge Description / Prompt:
A Lua online executor
There’s a secret function that can execute OS commands, which can be used to read flag.txt
The app allows users to execute Lua code
My initial guess was to use the os.execute() function to run some shell commands, but when I tried it, the app returned an error suggesting that the os module had been deliberately removed from the environment (Lua includes the os module by default)
Lua keeps its globals, including loaded modules, in the _G table, so I wrote a for loop to go through everything in the environment:
for k, v in pairs(_G) do
    print(k, type(v))
end
The app returned a list of modules; one interesting entry was the S3cr3t0sEx3cFun function
Since it’s a function, my guess was that it behaves the same as the os function, where it takes a shell command as its input
I used it to traverse the file system, and then retrieved the flag using print(S3cr3t0sEx3cFun("cat ../flag"))
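Why the enumeration above worked, and how a host can avoid it: this is an added example, not the challenge's code. It runs the same _G loop inside a sandbox built by deleting modules from a copy of the globals and inside one built from an empty allowlist. It assumes Lua 5.2+ (load with an env argument); run_denylist, run_allowlist and the stand-in function body are hypothetical.

```lua
-- Added example (not the challenge's code). Assumes Lua 5.2+ for load(..., env).
-- run_denylist / run_allowlist are hypothetical names.

-- Constructed stand-in for a privileged helper the host left in its globals.
function S3cr3t0sEx3cFun(cmd) return "would run: " .. cmd end

-- The enumeration loop from the writeup, returning the visible names.
local probe = [[
local names = {}
for k in pairs(_G) do names[#names + 1] = k end
table.sort(names)
return table.concat(names, ",")
]]

-- Weak: copy every global, then delete the known-dangerous modules.
-- Anything the host forgot (here the helper) is still reachable.
local function run_denylist(src)
  local env = {}
  for k, v in pairs(_G) do env[k] = v end
  env.os, env.io = nil, nil
  env._G = env
  local fn, err = load(src, "user", "t", env)
  if not fn then return nil, err end
  return pcall(fn)
end

-- Hardened: start from an empty table and add only what user code needs.
local function run_allowlist(src)
  local env = {
    print = print, pairs = pairs, ipairs = ipairs, type = type,
    tostring = tostring, tonumber = tonumber,
    string = { format = string.format, sub = string.sub, len = string.len },
    table = { concat = table.concat, sort = table.sort, insert = table.insert },
    math = { floor = math.floor, max = math.max, min = math.min },
  }
  env._G = env
  local fn, err = load(src, "user", "t", env)  -- "t" rejects bytecode chunks
  if not fn then return nil, err end
  return pcall(fn)
end

print("denylist :", select(2, run_denylist(probe)))
print("allowlist:", select(2, run_allowlist(probe)))
```

The allowlisted environment does not limit CPU or memory, and method calls on strings still reach the full string library through the string metatable, so those need separate handling.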
