Command Execution 01

This exercise is one of our challenges on Command Execution.


In this challenge, you begin by using the application as intended to understand its functionality. You'll notice that the application takes an IP address as input and runs the `ping` command with the provided IP. This setup presents an opportunity to explore command injection attacks, a type of vulnerability where arbitrary commands can be executed on the server.

By examining the command line behavior, you'll discover multiple ways to append additional commands using operators like `&&`, `||`, `;`, and `|`. The goal is to manipulate the input in such a way that it includes a malicious command, such as `cat /etc/passwd`, to exploit the vulnerability. Ultimately, you will learn how to run a specific scoring command to complete the challenge.
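The flaw described above, next to a hardened form, as an added example that is not code from the exercise. The function names, the `-c 2` ping option and the sample inputs are assumptions made for illustration. It shows that each operator named above turns the concatenated string into more than one shell command, while strict IP validation plus an argv list never reaches a shell.

```python
import ipaddress
import shlex
import subprocess

# Constructed sample inputs: one benign, four using the operators named above.
SAMPLES = [
    "127.0.0.1",
    "127.0.0.1 && cat /etc/passwd",
    "127.0.0.1 || cat /etc/passwd",
    "127.0.0.1; cat /etc/passwd",
    "127.0.0.1 | cat /etc/passwd",
]
CONTROL_OPERATORS = {"&&", "||", ";", "|", "&"}

def vulnerable_command(ip):
    """Flawed pattern: user input concatenated into a string meant for a shell."""
    return "ping -c 2 " + ip

def shell_operators(command):
    """List the control operators a POSIX shell would find in the string."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    return [token for token in lexer if token in CONTROL_OPERATORS]

def safe_argv(ip):
    """Accept only an IP literal and build an argv list (no shell involved).

    ipaddress.ip_address raises ValueError for anything else, which also
    rejects values starting with '-' that ping would read as options.
    """
    addr = ipaddress.ip_address(ip.strip())
    return ["ping", "-c", "2", str(addr)]

def run_ping(ip):
    """Hardened call: validated argv, no shell, bounded runtime."""
    return subprocess.run(safe_argv(ip), capture_output=True, text=True,
                          timeout=10, check=False)

def audit(samples):
    """Return (input, operators seen by a shell, accepted by safe_argv)."""
    rows = []
    for sample in samples:
        try:
            safe_argv(sample)
            accepted = True
        except ValueError:
            accepted = False
        rows.append((sample, shell_operators(vulnerable_command(sample)), accepted))
    return rows

if __name__ == "__main__":
    for row in audit(SAMPLES):
        print(row)
```
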
