JWT IV

This exercise covers the exploitation of a vulnerability similar to the recent CVE-2017-17405 impacting Ruby Net::FTP

PRO
Tier
Medium
< 1 Hr.
2494
Blue Badge

In this PentesterLab exercise, you will delve into a vulnerability found in Ruby's Net::FTP library, similar to the one identified by CVE-2017-17405. The exercise elucidates the critical difference between the File.open and open methods in Ruby. While File.open allows attackers to read arbitrary files when they control the first argument, open enables command execution by prefixing the command with a pipe (|). By exploiting this flaw, you will learn to execute arbitrary commands and run the score command to complete the challenge.

The exercise uses a JWT token as the injection point, highlighting that the signature verification occurs post-exploitation, thus bypassing the need for a valid signature. You will gain hands-on experience in constructing a malicious JWT token using Python and executing it to achieve code execution on the server. This practical exercise not only reinforces your understanding of Ruby vulnerabilities but also enhances your skills in exploiting them effectively.

Want to learn more? Get started with PentesterLab Pro! GOPRO