Introduction 03

This exercise will guide you through the process of scoring an exercise to mark it as completed. However, this time, you will run commands on the underlying operating system. You will need to run the score command with your UUID.

PRO Tier | Easy | < 1 Hr. | 26465

Course


This challenge starts with using the application's functionality as intended to understand how it operates. You provide an IP address, and the application runs a ping command using the IP address you provided. By analyzing this behavior, you'll discover the potential for command injection attacks, which allow you to execute arbitrary commands on the server.

You'll explore different ways to inject additional commands into the ping command. For instance, by providing a malicious parameter like `127.0.0.1 ; cat /etc/passwd`, you can trick the application into running multiple commands. The ultimate goal is to run the command `/usr/local/bin/score [uuid]` to complete the exercise and score the lab.
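The following added example (not PentesterLab's code) shows why the payload above results in two commands and how a defender closes the hole. The function names, the `ping -c 1` invocation and the IPv4-only restriction are assumptions made for illustration.

```python
import ipaddress
import shlex
import subprocess


def vulnerable_command(ip: str) -> str:
    """The flawed pattern: user input concatenated into a shell command line."""
    return "ping -c 1 " + ip


def commands_seen_by_shell(cmdline: str) -> list:
    """Approximate how a POSIX shell splits a line on ; & | operators.

    Illustration only: it ignores substitutions, newlines and redirections.
    """
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    commands, current = [], []
    for tok in lexer:
        if set(tok) <= set(";&|"):      # control operator ends the command
            if current:
                commands.append(current)
            current = []
        else:
            current.append(tok)
    if current:
        commands.append(current)
    return commands


def safe_ping_argv(ip: str) -> list:
    """Allow only a literal IPv4 address and build an argv list (no shell)."""
    addr = ipaddress.IPv4Address(ip.strip())   # raises ValueError otherwise
    return ["ping", "-c", "1", str(addr)]


def ping(ip: str) -> subprocess.CompletedProcess:
    """Run ping without a shell, so metacharacters are never interpreted."""
    return subprocess.run(safe_ping_argv(ip), capture_output=True,
                          text=True, timeout=5, check=False)


if __name__ == "__main__":
    payload = "127.0.0.1 ; cat /etc/passwd"    # payload quoted in the text
    print(commands_seen_by_shell(vulnerable_command(payload)))
    try:
        safe_ping_argv(payload)
    except ValueError as exc:
        print("rejected:", exc)
```

Validation and the argv list are independent defenses: even if validation were loosened, passing a list with no shell keeps `;` from being treated as a command separator.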
