Introduction 03


This exercise will guide you through the process of scoring an exercise to mark it as completed. However, this time, you will run commands on the underlying operating system. You will need to run the score command with your UUID.

PRO Tier | Easy | < 1 Hr.

This challenge starts with using the application's functionality as intended to understand how it operates. You provide an IP address, and the application runs a ping command using the IP address you provided. By analyzing this behavior, you'll discover the potential for command injection attacks, which allow you to execute arbitrary commands on the server.

You'll explore different ways to inject additional commands into the ping command. For instance, by providing a malicious parameter like 127.0.0.1 ; cat /etc/passwd, you can trick the application into running multiple commands. The ultimate goal is to run the command /usr/local/bin/score [uuid] to complete the exercise and score the lab.
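The root cause and its fix, as an added example that is not the lab's own code: it assumes the application concatenates the submitted value into a shell string of the form `ping -c 1 <ip>`, and the function names are hypothetical. It shows how the shell splits that line into two commands for the parameter quoted above, and how validating the input and passing an argument list removes the second command.

```python
import ipaddress
import shlex

# Constructed inputs: a normal address and the parameter quoted in the text above.
BENIGN = "127.0.0.1"
INJECTED = "127.0.0.1 ; cat /etc/passwd"


def vulnerable_command(ip):
    """'Before' pattern (assumed): input concatenated into a line for sh -c."""
    return "ping -c 1 " + ip


def shell_commands(cmdline):
    """Approximate how sh splits one line into commands at ';', '&' and '|'."""
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    commands, current = [], []
    for token in lexer:
        if set(token) <= set(";&|"):      # a control operator ends the command
            if current:
                commands.append(current)
            current = []
        else:
            current.append(token)
    if current:
        commands.append(current)
    return commands


def safe_argv(ip):
    """'After' pattern: validate first, then build an argv list (no shell)."""
    addr = ipaddress.ip_address(ip.strip())  # ValueError for anything else
    # Meant for subprocess.run(argv, shell=False): the value stays one argument.
    return ["ping", "-c", "1", str(addr)]


def is_rejected(ip):
    """True when the hardened path refuses the input."""
    try:
        safe_argv(ip)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    print("benign   ->", shell_commands(vulnerable_command(BENIGN)))
    print("injected ->", shell_commands(vulnerable_command(INJECTED)))
    print("hardened ->", safe_argv(BENIGN), "| injected rejected:", is_rejected(INJECTED))
```

Nothing is executed here; the functions only return the command lists so the difference between the two construction styles can be inspected.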
