Command Execution 01

This exercise is one of our challenges on Command Execution.

< 1 Hr.


In this challenge, you begin by using the application as intended to understand its functionality. You'll notice that the application takes an IP address as input and runs the `ping` command with the provided IP. This setup presents an opportunity to explore command injection, a type of vulnerability where arbitrary commands can be executed on the server.

By examining the command line behavior, you'll discover multiple ways to append additional commands using operators like `&&`, `||`, `;`, and `|`. The goal is to manipulate the input in such a way that it includes a malicious command, such as `cat /etc/passwd`, to exploit the vulnerability. Ultimately, you will learn how to run a specific scoring command to complete the challenge.
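The root cause and its fix, as an added example (not code from the challenge or from PentesterLab): the flawed pattern concatenates the input into a shell command line, while the hardened form parses the input as an address and passes it to `ping` as a single argument with no shell. It assumes Python, IPv4-only input and a Unix `ping` that accepts `-c`; all function names and sample inputs are hypothetical.

```python
import ipaddress
import subprocess


def vulnerable_command(user_input):
    """Flawed pattern: input concatenated into a shell command line.
    Returned as a string for inspection only; it is never executed here."""
    return "ping -c 1 " + user_input


def safe_ping_argv(user_input):
    """Parse the input as an IPv4 address and build an argument vector."""
    try:
        addr = ipaddress.IPv4Address(user_input.strip())
    except ValueError:
        raise ValueError("not a valid IPv4 address") from None
    # The canonical form contains only digits and dots, so it cannot be
    # read as an option, and it travels as exactly one argv element.
    return ["ping", "-c", "1", str(addr)]


def ping(user_input):
    """Run ping without a shell; returns the process exit status."""
    argv = safe_ping_argv(user_input)
    done = subprocess.run(argv, shell=False, timeout=5,
                          stdout=subprocess.DEVNULL,
                          stderr=subprocess.DEVNULL)
    return done.returncode


# Constructed sample inputs using the operators named in the text above.
SAMPLES = [
    "127.0.0.1",
    "127.0.0.1; cat /etc/passwd",
    "127.0.0.1 && cat /etc/passwd",
    "127.0.0.1 | cat /etc/passwd",
    "x || cat /etc/passwd",
]


def classify(samples):
    """Map each sample to 'accepted' or 'rejected' by the validator."""
    result = {}
    for s in samples:
        try:
            safe_ping_argv(s)
            result[s] = "accepted"
        except ValueError:
            result[s] = "rejected"
    return result
```

Validation alone is not the whole fix: `shell=False` with an argument list is what keeps `;`, `&&`, `||` and `|` from ever being interpreted, even if a validator bug lets something through.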
