Shelle
As a customized shell, only the specified commands under the bin directory can be used, and you cannot use special characters such as “/\|”.
$SHELL
Environment variable is used, /bin/sh is executed and can be executed as the original shell.
Jed Sheeran
If you googling “Jed Sheeran”, you can find SoundCloud page. And look at the description of the song “Beautiful People”, there’s a flag.
Oddball
This is an octal dump using the Linux od command. I unod it by hand.
Phonetic
You are given an obfuscated php file.
If you make good use of echo, you can see the unobfuscated code.
It appears to be a malware that steals credentials and functions as a web shell.
If the conditions such as User-Agent and Cookie are not met, you will be redirected to a forged 404 Page.
Modify the code or meet the conditions, I can see the webshell page, but nothing special (Especially no flag!).
Then, I checked that the code transmitting the stolen credentials are encoded in base64.
Decode the uuencoded part, you can get a flag!