diff --git a/web-security/cmdi-touch-blind/_0/server b/web-security/cmdi-touch-blind/_0/server
new file mode 100755
index 00000000..60903fd1
--- /dev/null
+++ b/web-security/cmdi-touch-blind/_0/server
@@ -0,0 +1,39 @@
+#!/opt/pwn.college/python
+
+import subprocess
+import flask
+import os
+
+app = flask.Flask(__name__)
+
+
+@app.route("/task", methods=["GET"])
+def challenge():
+ arg = flask.request.args.get("full-path", "/challenge/PWN")
+ command = f"touch {arg}"
+
+ print(f"DEBUG: {command=}")
+ result = subprocess.run(
+ command, # the command to run
+ shell=True, # use the shell to run this command
+ stdout=subprocess.PIPE, # capture the standard output
+ stderr=subprocess.STDOUT, # 2>&1
+ encoding="latin", # capture the resulting output as text
+ ).stdout
+
+ return f"""
+
+ Welcome to the touch service! Please choose a file to touch:
+
+
+ Output of {command}:
+ {result}
+
+ """
+
+
+os.setuid(os.geteuid())
+os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+app.secret_key = os.urandom(8)
+app.config["SERVER_NAME"] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)
diff --git a/web-security/cmdi-touch-blind/_1/server b/web-security/cmdi-touch-blind/_1/server
new file mode 100755
index 00000000..bc661507
--- /dev/null
+++ b/web-security/cmdi-touch-blind/_1/server
@@ -0,0 +1,39 @@
+#!/opt/pwn.college/python
+
+import subprocess
+import flask
+import os
+
+app = flask.Flask(__name__)
+
+
+@app.route("/initiative", methods=["GET"])
+def challenge():
+ arg = flask.request.args.get("file-dest", "/challenge/PWN")
+ command = f"touch {arg}"
+
+ print(f"DEBUG: {command=}")
+ result = subprocess.run(
+ command, # the command to run
+ shell=True, # use the shell to run this command
+ stdout=subprocess.PIPE, # capture the standard output
+ stderr=subprocess.STDOUT, # 2>&1
+ encoding="latin", # capture the resulting output as text
+ ).stdout
+
+ return f"""
+
+ Welcome to the touch service! Please choose a file to touch:
+
+
+ Output of {command}:
+ {result}
+
+ """
+
+
+os.setuid(os.geteuid())
+os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+app.secret_key = os.urandom(8)
+app.config["SERVER_NAME"] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)
diff --git a/web-security/cmdi-touch-blind/_10/server b/web-security/cmdi-touch-blind/_10/server
new file mode 100755
index 00000000..72bdbd04
--- /dev/null
+++ b/web-security/cmdi-touch-blind/_10/server
@@ -0,0 +1,39 @@
+#!/opt/pwn.college/python
+
+import subprocess
+import flask
+import os
+
+app = flask.Flask(__name__)
+
+
+@app.route("/exercise", methods=["GET"])
+def challenge():
+ arg = flask.request.args.get("file-pathname", "/challenge/PWN")
+ command = f"touch {arg}"
+
+ print(f"DEBUG: {command=}")
+ result = subprocess.run(
+ command, # the command to run
+ shell=True, # use the shell to run this command
+ stdout=subprocess.PIPE, # capture the standard output
+ stderr=subprocess.STDOUT, # 2>&1
+ encoding="latin", # capture the resulting output as text
+ ).stdout
+
+ return f"""
+
+ Welcome to the touch service! Please choose a file to touch:
+
+
+ Output of {command}:
+ {result}
+
+ """
+
+
+os.setuid(os.geteuid())
+os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+app.secret_key = os.urandom(8)
+app.config["SERVER_NAME"] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)
diff --git a/web-security/cmdi-touch-blind/_11/server b/web-security/cmdi-touch-blind/_11/server
new file mode 100755
index 00000000..a6f6c28b
--- /dev/null
+++ b/web-security/cmdi-touch-blind/_11/server
@@ -0,0 +1,39 @@
+#!/opt/pwn.college/python
+
+import subprocess
+import flask
+import os
+
+app = flask.Flask(__name__)
+
+
+@app.route("/competition", methods=["GET"])
+def challenge():
+ arg = flask.request.args.get("file-name", "/challenge/PWN")
+ command = f"touch {arg}"
+
+ print(f"DEBUG: {command=}")
+ result = subprocess.run(
+ command, # the command to run
+ shell=True, # use the shell to run this command
+ stdout=subprocess.PIPE, # capture the standard output
+ stderr=subprocess.STDOUT, # 2>&1
+ encoding="latin", # capture the resulting output as text
+ ).stdout
+
+ return f"""
+
+ Welcome to the touch service! Please choose a file to touch:
+
+
+ Output of {command}:
+ {result}
+
+ """
+
+
+os.setuid(os.geteuid())
+os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+app.secret_key = os.urandom(8)
+app.config["SERVER_NAME"] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)
diff --git a/web-security/cmdi-touch-blind/_12/server b/web-security/cmdi-touch-blind/_12/server
new file mode 100755
index 00000000..3cb1aa2b
--- /dev/null
+++ b/web-security/cmdi-touch-blind/_12/server
@@ -0,0 +1,39 @@
+#!/opt/pwn.college/python
+
+import subprocess
+import flask
+import os
+
+app = flask.Flask(__name__)
+
+
+@app.route("/goal", methods=["GET"])
+def challenge():
+ arg = flask.request.args.get("file-or-directory", "/challenge/PWN")
+ command = f"touch {arg}"
+
+ print(f"DEBUG: {command=}")
+ result = subprocess.run(
+ command, # the command to run
+ shell=True, # use the shell to run this command
+ stdout=subprocess.PIPE, # capture the standard output
+ stderr=subprocess.STDOUT, # 2>&1
+ encoding="latin", # capture the resulting output as text
+ ).stdout
+
+ return f"""
+
+ Welcome to the touch service! Please choose a file to touch:
+
+
+ Output of {command}:
+ {result}
+
+ """
+
+
+os.setuid(os.geteuid())
+os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+app.secret_key = os.urandom(8)
+app.config["SERVER_NAME"] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)
diff --git a/web-security/cmdi-touch-blind/_13/server b/web-security/cmdi-touch-blind/_13/server
new file mode 100755
index 00000000..554bbcb3
--- /dev/null
+++ b/web-security/cmdi-touch-blind/_13/server
@@ -0,0 +1,39 @@
+#!/opt/pwn.college/python
+
+import subprocess
+import flask
+import os
+
+app = flask.Flask(__name__)
+
+
+@app.route("/quest", methods=["GET"])
+def challenge():
+ arg = flask.request.args.get("file-name", "/challenge/PWN")
+ command = f"touch {arg}"
+
+ print(f"DEBUG: {command=}")
+ result = subprocess.run(
+ command, # the command to run
+ shell=True, # use the shell to run this command
+ stdout=subprocess.PIPE, # capture the standard output
+ stderr=subprocess.STDOUT, # 2>&1
+ encoding="latin", # capture the resulting output as text
+ ).stdout
+
+ return f"""
+
+ Welcome to the touch service! Please choose a file to touch:
+
+
+ Output of {command}:
+ {result}
+
+ """
+
+
+os.setuid(os.geteuid())
+os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+app.secret_key = os.urandom(8)
+app.config["SERVER_NAME"] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)
diff --git a/web-security/cmdi-touch-blind/_14/server b/web-security/cmdi-touch-blind/_14/server
new file mode 100755
index 00000000..39b71147
--- /dev/null
+++ b/web-security/cmdi-touch-blind/_14/server
@@ -0,0 +1,39 @@
+#!/opt/pwn.college/python
+
+import subprocess
+import flask
+import os
+
+app = flask.Flask(__name__)
+
+
+@app.route("/task", methods=["GET"])
+def challenge():
+ arg = flask.request.args.get("file-or-dir", "/challenge/PWN")
+ command = f"touch {arg}"
+
+ print(f"DEBUG: {command=}")
+ result = subprocess.run(
+ command, # the command to run
+ shell=True, # use the shell to run this command
+ stdout=subprocess.PIPE, # capture the standard output
+ stderr=subprocess.STDOUT, # 2>&1
+ encoding="latin", # capture the resulting output as text
+ ).stdout
+
+ return f"""
+
+ Welcome to the touch service! Please choose a file to touch:
+
+
+ Output of {command}:
+ {result}
+
+ """
+
+
+os.setuid(os.geteuid())
+os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+app.secret_key = os.urandom(8)
+app.config["SERVER_NAME"] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)
diff --git a/web-security/cmdi-touch-blind/_15/server b/web-security/cmdi-touch-blind/_15/server
new file mode 100755
index 00000000..04f05adb
--- /dev/null
+++ b/web-security/cmdi-touch-blind/_15/server
@@ -0,0 +1,39 @@
+#!/opt/pwn.college/python
+
+import subprocess
+import flask
+import os
+
+app = flask.Flask(__name__)
+
+
+@app.route("/mission", methods=["GET"])
+def challenge():
+ arg = flask.request.args.get("file-dest", "/challenge/PWN")
+ command = f"touch {arg}"
+
+ print(f"DEBUG: {command=}")
+ result = subprocess.run(
+ command, # the command to run
+ shell=True, # use the shell to run this command
+ stdout=subprocess.PIPE, # capture the standard output
+ stderr=subprocess.STDOUT, # 2>&1
+ encoding="latin", # capture the resulting output as text
+ ).stdout
+
+ return f"""
+
+ Welcome to the touch service! Please choose a file to touch:
+
+
+ Output of {command}:
+ {result}
+
+ """
+
+
+os.setuid(os.geteuid())
+os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+app.secret_key = os.urandom(8)
+app.config["SERVER_NAME"] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)
diff --git a/web-security/cmdi-touch-blind/_2/server b/web-security/cmdi-touch-blind/_2/server
new file mode 100755
index 00000000..29b7e0d4
--- /dev/null
+++ b/web-security/cmdi-touch-blind/_2/server
@@ -0,0 +1,39 @@
+#!/opt/pwn.college/python
+
+import subprocess
+import flask
+import os
+
+app = flask.Flask(__name__)
+
+
+@app.route("/level", methods=["GET"])
+def challenge():
+ arg = flask.request.args.get("filename", "/challenge/PWN")
+ command = f"touch {arg}"
+
+ print(f"DEBUG: {command=}")
+ result = subprocess.run(
+ command, # the command to run
+ shell=True, # use the shell to run this command
+ stdout=subprocess.PIPE, # capture the standard output
+ stderr=subprocess.STDOUT, # 2>&1
+ encoding="latin", # capture the resulting output as text
+ ).stdout
+
+ return f"""
+
+ Welcome to the touch service! Please choose a file to touch:
+
+
+ Output of {command}:
+ {result}
+
+ """
+
+
+os.setuid(os.geteuid())
+os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+app.secret_key = os.urandom(8)
+app.config["SERVER_NAME"] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)
diff --git a/web-security/cmdi-touch-blind/_3/server b/web-security/cmdi-touch-blind/_3/server
new file mode 100755
index 00000000..c91e2b7a
--- /dev/null
+++ b/web-security/cmdi-touch-blind/_3/server
@@ -0,0 +1,39 @@
+#!/opt/pwn.college/python
+
+import subprocess
+import flask
+import os
+
+app = flask.Flask(__name__)
+
+
+@app.route("/test", methods=["GET"])
+def challenge():
+ arg = flask.request.args.get("file-or-dir", "/challenge/PWN")
+ command = f"touch {arg}"
+
+ print(f"DEBUG: {command=}")
+ result = subprocess.run(
+ command, # the command to run
+ shell=True, # use the shell to run this command
+ stdout=subprocess.PIPE, # capture the standard output
+ stderr=subprocess.STDOUT, # 2>&1
+ encoding="latin", # capture the resulting output as text
+ ).stdout
+
+ return f"""
+
+ Welcome to the touch service! Please choose a file to touch:
+
+
+ Output of {command}:
+ {result}
+
+ """
+
+
+os.setuid(os.geteuid())
+os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+app.secret_key = os.urandom(8)
+app.config["SERVER_NAME"] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)
diff --git a/web-security/cmdi-touch-blind/_4/server b/web-security/cmdi-touch-blind/_4/server
new file mode 100755
index 00000000..03b046a6
--- /dev/null
+++ b/web-security/cmdi-touch-blind/_4/server
@@ -0,0 +1,39 @@
+#!/opt/pwn.college/python
+
+import subprocess
+import flask
+import os
+
+app = flask.Flask(__name__)
+
+
+@app.route("/task", methods=["GET"])
+def challenge():
+ arg = flask.request.args.get("output-file", "/challenge/PWN")
+ command = f"touch {arg}"
+
+ print(f"DEBUG: {command=}")
+ result = subprocess.run(
+ command, # the command to run
+ shell=True, # use the shell to run this command
+ stdout=subprocess.PIPE, # capture the standard output
+ stderr=subprocess.STDOUT, # 2>&1
+ encoding="latin", # capture the resulting output as text
+ ).stdout
+
+ return f"""
+
+ Welcome to the touch service! Please choose a file to touch:
+
+
+ Output of {command}:
+ {result}
+
+ """
+
+
+os.setuid(os.geteuid())
+os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+app.secret_key = os.urandom(8)
+app.config["SERVER_NAME"] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)
diff --git a/web-security/cmdi-touch-blind/_5/server b/web-security/cmdi-touch-blind/_5/server
new file mode 100755
index 00000000..1c65589b
--- /dev/null
+++ b/web-security/cmdi-touch-blind/_5/server
@@ -0,0 +1,39 @@
+#!/opt/pwn.college/python
+
+import subprocess
+import flask
+import os
+
+app = flask.Flask(__name__)
+
+
+@app.route("/resource", methods=["GET"])
+def challenge():
+ arg = flask.request.args.get("file-or-directory", "/challenge/PWN")
+ command = f"touch {arg}"
+
+ print(f"DEBUG: {command=}")
+ result = subprocess.run(
+ command, # the command to run
+ shell=True, # use the shell to run this command
+ stdout=subprocess.PIPE, # capture the standard output
+ stderr=subprocess.STDOUT, # 2>&1
+ encoding="latin", # capture the resulting output as text
+ ).stdout
+
+ return f"""
+
+ Welcome to the touch service! Please choose a file to touch:
+
+
+ Output of {command}:
+ {result}
+
+ """
+
+
+os.setuid(os.geteuid())
+os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+app.secret_key = os.urandom(8)
+app.config["SERVER_NAME"] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)
diff --git a/web-security/cmdi-touch-blind/_6/server b/web-security/cmdi-touch-blind/_6/server
new file mode 100755
index 00000000..40701e6a
--- /dev/null
+++ b/web-security/cmdi-touch-blind/_6/server
@@ -0,0 +1,39 @@
+#!/opt/pwn.college/python
+
+import subprocess
+import flask
+import os
+
+app = flask.Flask(__name__)
+
+
+@app.route("/quest", methods=["GET"])
+def challenge():
+ arg = flask.request.args.get("file-dest", "/challenge/PWN")
+ command = f"touch {arg}"
+
+ print(f"DEBUG: {command=}")
+ result = subprocess.run(
+ command, # the command to run
+ shell=True, # use the shell to run this command
+ stdout=subprocess.PIPE, # capture the standard output
+ stderr=subprocess.STDOUT, # 2>&1
+ encoding="latin", # capture the resulting output as text
+ ).stdout
+
+ return f"""
+
+ Welcome to the touch service! Please choose a file to touch:
+
+
+ Output of {command}:
+ {result}
+
+ """
+
+
+os.setuid(os.geteuid())
+os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+app.secret_key = os.urandom(8)
+app.config["SERVER_NAME"] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)
diff --git a/web-security/cmdi-touch-blind/_7/server b/web-security/cmdi-touch-blind/_7/server
new file mode 100755
index 00000000..d48419c0
--- /dev/null
+++ b/web-security/cmdi-touch-blind/_7/server
@@ -0,0 +1,39 @@
+#!/opt/pwn.college/python
+
+import subprocess
+import flask
+import os
+
+app = flask.Flask(__name__)
+
+
+@app.route("/dare", methods=["GET"])
+def challenge():
+ arg = flask.request.args.get("filename", "/challenge/PWN")
+ command = f"touch {arg}"
+
+ print(f"DEBUG: {command=}")
+ result = subprocess.run(
+ command, # the command to run
+ shell=True, # use the shell to run this command
+ stdout=subprocess.PIPE, # capture the standard output
+ stderr=subprocess.STDOUT, # 2>&1
+ encoding="latin", # capture the resulting output as text
+ ).stdout
+
+ return f"""
+
+ Welcome to the touch service! Please choose a file to touch:
+
+
+ Output of {command}:
+ {result}
+
+ """
+
+
+os.setuid(os.geteuid())
+os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+app.secret_key = os.urandom(8)
+app.config["SERVER_NAME"] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)
diff --git a/web-security/cmdi-touch-blind/_8/server b/web-security/cmdi-touch-blind/_8/server
new file mode 100755
index 00000000..784ce264
--- /dev/null
+++ b/web-security/cmdi-touch-blind/_8/server
@@ -0,0 +1,39 @@
+#!/opt/pwn.college/python
+
+import subprocess
+import flask
+import os
+
+app = flask.Flask(__name__)
+
+
+@app.route("/puzzle", methods=["GET"])
+def challenge():
+ arg = flask.request.args.get("the-file", "/challenge/PWN")
+ command = f"touch {arg}"
+
+ print(f"DEBUG: {command=}")
+ result = subprocess.run(
+ command, # the command to run
+ shell=True, # use the shell to run this command
+ stdout=subprocess.PIPE, # capture the standard output
+ stderr=subprocess.STDOUT, # 2>&1
+ encoding="latin", # capture the resulting output as text
+ ).stdout
+
+ return f"""
+
+ Welcome to the touch service! Please choose a file to touch:
+
+
+ Output of {command}:
+ {result}
+
+ """
+
+
+os.setuid(os.geteuid())
+os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+app.secret_key = os.urandom(8)
+app.config["SERVER_NAME"] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)
diff --git a/web-security/cmdi-touch-blind/_9/server b/web-security/cmdi-touch-blind/_9/server
new file mode 100755
index 00000000..41aeae0a
--- /dev/null
+++ b/web-security/cmdi-touch-blind/_9/server
@@ -0,0 +1,39 @@
+#!/opt/pwn.college/python
+
+import subprocess
+import flask
+import os
+
+app = flask.Flask(__name__)
+
+
+@app.route("/goal", methods=["GET"])
+def challenge():
+ arg = flask.request.args.get("filepath", "/challenge/PWN")
+ command = f"touch {arg}"
+
+ print(f"DEBUG: {command=}")
+ result = subprocess.run(
+ command, # the command to run
+ shell=True, # use the shell to run this command
+ stdout=subprocess.PIPE, # capture the standard output
+ stderr=subprocess.STDOUT, # 2>&1
+ encoding="latin", # capture the resulting output as text
+ ).stdout
+
+ return f"""
+
+ Welcome to the touch service! Please choose a file to touch:
+
+
+ Output of {command}:
+ {result}
+
+ """
+
+
+os.setuid(os.geteuid())
+os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+app.secret_key = os.urandom(8)
+app.config["SERVER_NAME"] = f"challenge.localhost:80"
+app.run("challenge.localhost", 80)
diff --git a/web-security/cmdi-touch-blind/server b/web-security/cmdi-touch-blind/server
deleted file mode 100755
index 6c3547a3..00000000
--- a/web-security/cmdi-touch-blind/server
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/opt/pwn.college/python
-
-import subprocess
-import flask
-import os
-
-app = flask.Flask(__name__)
-
-@app.route("/", methods=["GET", "POST"])
-def challenge():
- filepath = flask.request.args.get("filepath", "/challenge")
- command = f"touch {filepath}"
- print(f"DEBUG: {command=}")
- subprocess.run(
- command, # the command to run
- shell=True, # use the shell to run this command
- stdout=subprocess.PIPE, # capture the standard output
- stderr=subprocess.STDOUT, # 2>&1
- encoding="latin" # capture the resulting output as text
- )
-
- return f"""
-
- Welcome to the touch service! Please choose a file to touch:
-
-
- Ran the command: touch {filepath}
-
- """
-
-os.setuid(os.geteuid())
-os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
-app.secret_key = os.urandom(8)
-app.config['SERVER_NAME'] = f"challenge.localhost:80"
-app.run("challenge.localhost", 80)
diff --git a/web-security/module.yml b/web-security/module.yml
index f7cde656..6cb01aed 100644
--- a/web-security/module.yml
+++ b/web-security/module.yml
@@ -45,6 +45,10 @@ challenges:
variants: 16
- id: cmdi-touch-blind
name: CMDi 5
+ auxiliary:
+ pwnshop:
+ challenge: CommandInjectionTouch
+ variants: 16
- id: cmdi-ls-filter
name: CMDi 6
auxiliary: