Command Execution 01
This exercise is one of our challenges on Command Execution.
In this challenge, you begin by using the application as intended to understand its functionality. You'll notice that the application takes an IP address as input and runs the `ping` command with the provided IP. This setup presents an opportunity to explore command injection attacks, a type of vulnerability where arbitrary commands can be executed on the server.

By examining the command line behavior, you'll discover multiple ways to append additional commands using operators like `&&`, `||`, `;`, and `|`. The goal is to manipulate the input in such a way that it includes a malicious command, such as `cat /etc/passwd`, to exploit the vulnerability. Ultimately, you will learn how to run a specific scoring command to complete the challenge.
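
The pattern described above and its fix, as an added example that is not part of the original exercise or the application's own code. The `ping -c 1` command line, the function names and the sample inputs are assumptions; the code shows how a shell splits the concatenated string at each operator, next to a hardened form that validates the input as an IP address and passes an argument list without a shell.

```python
import ipaddress
import shlex
import subprocess

SHELL_OPERATORS = {"&&", "||", ";", "|"}  # the operators named in the text


def vulnerable_command_line(user_input):
    """'Before' pattern (assumed): input concatenated into a shell string."""
    return "ping -c 1 " + user_input


def commands_seen_by_shell(command_line):
    """Split a command line at shell operators, roughly as sh parses it."""
    lexer = shlex.shlex(command_line, posix=True, punctuation_chars=True)
    commands, current = [], []
    for token in lexer:
        if token in SHELL_OPERATORS:
            commands.append(current)
            current = []
        else:
            current.append(token)
    commands.append(current)
    return commands


def safe_ping_argv(user_input):
    """Hardened form: accept only a literal IP address, return an argv list."""
    address = ipaddress.ip_address(user_input.strip())  # ValueError otherwise
    return ["ping", "-c", "1", str(address)]


def ping(user_input):
    # No shell is involved: each list element reaches ping as one argument.
    return subprocess.run(safe_ping_argv(user_input), timeout=5).returncode


if __name__ == "__main__":
    # Constructed sample inputs, built from the operators listed above.
    for sample in ["127.0.0.1", "127.0.0.1; cat /etc/passwd",
                   "127.0.0.1 && cat /etc/passwd", "127.0.0.1 | cat /etc/passwd"]:
        print(repr(sample), "->", commands_seen_by_shell(vulnerable_command_line(sample)))
        try:
            print("   argv:", safe_ping_argv(sample))
        except ValueError as err:
            print("   rejected:", err)
```

Validating with `ipaddress` is an allow-list check: anything that is not exactly an IPv4 or IPv6 literal is rejected, so no operator list has to be maintained.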