JWT IV
This exercise covers the exploitation of a vulnerability similar to the recent CVE-2017-17405 impacting Ruby Net::FTP
In this PentesterLab exercise, you will delve into a vulnerability found in Ruby's Net::FTP library, similar to the one identified by CVE-2017-17405. The exercise elucidates the critical difference between the `File.open` and `open` (Kernel#open) methods in Ruby. While `File.open` allows attackers to read arbitrary files when they control the first argument, `open` additionally enables command execution when that argument is prefixed with a pipe (`|`). By exploiting this flaw, you will learn to execute arbitrary commands and run the `score` command to complete the challenge.
The exercise uses a JWT token as the injection point, highlighting that the signature verification occurs post-exploitation, thus bypassing the need for a valid signature. You will gain hands-on experience in constructing a malicious JWT token using Python and executing it to achieve code execution on the server. This practical exercise not only reinforces your understanding of Ruby vulnerabilities but also enhances your skills in exploiting them effectively.
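The two defects the exercise turns on, the file-opening sink and the late signature check, are shown here side by side in an added Ruby example. This is not PentesterLab's exercise code and assumes nothing about their application: the secret, the HS256 algorithm, the `safe_read` base-directory rule and the sample claims are all constructed for illustration, and only Ruby's standard library is used.

```ruby
# Added example, not from the PentesterLab exercise. It contrasts Kernel#open
# with File.open on an attacker-controlled name, and verifies a JWT's HMAC
# signature before any claim is read. Uses only the Ruby standard library.
require "openssl"
require "json"
require "base64"
require "tmpdir"

# 'Before' form, kept only to show the sink: Kernel#open treats a leading "|"
# as "run this command and hand me its stdout", so a name taken from user
# input is a command-injection point. Never call this with untrusted data.
def read_with_kernel_open(name)
  open(name, "r") { |io| io.read }
end

# Hardened form. File.open never interprets "|" (the name is just a file
# name), and confining the resolved path to a base directory also closes the
# arbitrary-file-read the page describes for File.open.
def safe_read(base_dir, name)
  base = File.expand_path(base_dir)
  path = File.expand_path(name, base)
  unless path.start_with?(base + File::SEPARATOR)
    raise ArgumentError, "path escapes #{base}: #{name.inspect}"
  end
  File.open(path, "r") { |io| io.read }
end

# Constant-time comparison so signature checking does not leak timing.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def b64url(data)
  Base64.urlsafe_encode64(data, padding: false)
end

# Mints an HS256 token; used here only to produce test input.
def sign_hs256(payload, secret)
  header = b64url(JSON.generate({ "alg" => "HS256", "typ" => "JWT" }))
  body = b64url(JSON.generate(payload))
  signing_input = "#{header}.#{body}"
  sig = OpenSSL::HMAC.digest("SHA256", secret, signing_input)
  "#{signing_input}.#{b64url(sig)}"
end

# Returns the payload hash only when the signature verifies. The order matters:
# the exercise's bug is that claims were used before this check ran, so a
# forged token was enough. Here no claim is decoded until the HMAC matches.
def verify_hs256(token, secret)
  parts = token.to_s.split(".")
  return nil unless parts.length == 3
  header_b64, body_b64, sig_b64 = parts
  begin
    header = JSON.parse(Base64.urlsafe_decode64(header_b64))
    signature = Base64.urlsafe_decode64(sig_b64)
  rescue ArgumentError, JSON::ParserError
    return nil
  end
  return nil unless header["alg"] == "HS256"
  expected = OpenSSL::HMAC.digest("SHA256", secret, "#{header_b64}.#{body_b64}")
  return nil unless constant_time_equal?(expected, signature)
  JSON.parse(Base64.urlsafe_decode64(body_b64))
end

if __FILE__ == $PROGRAM_NAME
  secret = "constructed-test-secret"            # constructed value
  token = sign_hs256({ "file" => "notes.txt" }, secret)
  claims = verify_hs256(token, secret)
  Dir.mktmpdir do |dir|
    File.write(File.join(dir, "notes.txt"), "hello")
    puts safe_read(dir, claims["file"]) if claims
  end
end
```

The name the token carries is only ever handed to `safe_read`, and only after `verify_hs256` has returned a payload; a token whose body was edited, or one signed with a different secret, yields `nil` and no file is touched. A value such as `|id` reaching `safe_read` is looked up as a literal file name under the base directory and fails with `Errno::ENOENT` rather than spawning anything.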