My friend still doesn't believe me that his bakery website is insecure. I told him that anyone can access everything on his server, but he still doesn't believe me (even after the whole admin page fiasco). To prove it to him, he hid a flag in a file on his server and wants me to provide it to him.
Note: If you break something in this problem, please report it immediatly on the help site. That way, we can fix it and the competition can go on for everyone.
- See if you can access a list of classes that are used in the file
- Read into the Popen class in python
Look at the writeup here.