CVE-2021-22204: Exiftool RCE

This exercise covers how you can gain code execution when an application uses exiftool on user-controlled files

Tier: PRO · Difficulty: Hard · Duration: 1-2 Hrs. · Badge: Media Badge

In this challenge, you'll exploit a vulnerability in `exiftool` that affects its handling of the DjVu file format. `exiftool` is a Perl-based tool used to retrieve metadata from image files and supports a wide array of file formats. The vulnerability lies in the improper escaping of characters such as `$` and `@` in a string that is then passed to Perl's `eval(...)`; because Perl interpolates those characters inside a double-quoted string, content taken from the file can be executed as Perl code.
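
To make the escaping problem concrete, here is an added Perl illustration (not code from PentesterLab and not exiftool's own source): a quoted-string unescaping routine in the vulnerable style next to a hardened version that backslash-escapes unescaped `$` and `@` (and a trailing `\`) before the `eval`. The token, the function names and the harmless arithmetic inside `@{[ ]}` are constructed for the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample token, standing in for a quoted string pulled out of a
# DjVu annotation chunk (surrounding double quotes already removed).
# Perl interpolates "$name" and "@{[ expr ]}" inside a double-quoted string.
my $tok = 'hello @{[ 40 + 2 ]} $0';

# Vulnerable style: the intent is only to translate C-style escapes such as
# \n and \t, but wrapping the raw token in a double-quoted string and
# eval'ing it also interpolates any "$" or "@" the file happens to contain.
sub unescape_vulnerable {
    my ($t) = @_;
    return eval qq{"$t"};
}

# Hardened style: before the eval, put a backslash in front of every "$" or
# "@" that is not already escaped, and in front of a trailing "\" (which
# would otherwise swallow the closing quote). Existing "\X" escapes are
# left as they are, so legitimate C-style escapes still work.
sub unescape_hardened {
    my ($t) = @_;
    $t =~ s{\\(.)|([\$\@]|\\$)}{'\\' . ($2 || $1)}sge;
    my $out = eval qq{"$t"};
    return defined $out ? $out : $t;   # fall back to the raw token on error
}

# The vulnerable version evaluates the @{[ ]} block and expands $0, while the
# hardened version returns the token's characters literally.
print "vulnerable: ", unescape_vulnerable($tok), "\n";
print "hardened:   ", unescape_hardened($tok), "\n";
```

Run it with `perl` and compare the two lines: the difference is exactly the gap the fix closes, and the same check can be pointed at any other code that builds a string from untrusted input and hands it to `eval`.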

The practical exercise involves creating a malicious DjVu file that initially runs the `cowsay` command and then adapting it to execute the `score` command (`/usr/local/bin/score [UUID]`). This requires understanding the file format and modifying the payload so that the string size is adjusted correctly, ensuring the command executes as intended. The lab gives hands-on experience in manipulating file headers and exploiting software vulnerabilities.
