Command Injections - Bypassing Other Blacklisted Characters

HTB Content Academy
,
1

Hello everyone, Can anyone help me with this one?
I stuck on this academy section - Login : HTB Academy.

I used multiple scenarios but no luck:

127.0.0.1%0a{IFS}{ls,-la}${IFS}${PATH:0:1}Home
127.0.0.1%0a{IFS}{ls,-la}${IFS}${HOME:0:5}
127.0.0.1 ${LS_COLORS:10:1}${IFS}${PATH:0:1}home

I am not getting invalid input in the responses for the above, but no luck finding the username so i believe to be in the right path of solving it.
Can anyone give me a tip to continue?
thank you in advance

1 Like
2

Go step by step.
First, find a payload that gives you something in return. Example just ls
If that works, extend your payload. Example ls /

If you found a payload which works here, extend your payload further.

2 Likes
4

Could someone give a hint for this that is not this level of cryptic as the previous hints.