Kringle Kiosk

Objective

Explore the options on the menu to obtain a map of Santa's Castle, the rules of engagement for this Holiday Hack Challenge, and a listing of where to find each elf. To exploit the app and complete this terminal, you'll have to escape the menu to a bash shell.

Analysis

When you select option 4 to create your badge, it takes your name as user input and runs a Christmas-themed version of cowsay. Since cowsay is a command line program, you might be able to perform a command injection to start the bash shell. In a *nix shell, you can run two or more separate commands per line by separating them with semicolons.

Solution

Step 1: Select option 4 from the menu

Step 2: Enter your name followed by ";bash"