Web - Server

I am stuck at this task for several days. I am not sure if the magic char ’
’ works, because the response does show Ping OK, but it doesn’t show me the output of any shell command I give after
.
I guess it doesn’t work. If it does, even the output of the shell command is simplified to just ’Ping OK’, ’Syntax Error’, "Pink NOK", I still can find a way to get the content of the file.
any tips?

It’s a blind command injection, so it’s best to figure out how one would verify a blind attack.

Is it blind, whilst also having to bypass filters?

I’ve been going through https://github.com/kacperszurek/exploits/blob/master/GitList/exploit-bypass-php-escapeshellarg-escapeshellcmd.md for potentially bypassing filters, but nothing I try works.

I think I have a method for solving the `blind` part, once I can get past the filter and execute a command other than ping