JWT IV

This exercise covers the exploitation of a vulnerability similar to the recent CVE-2017-17405 impacting Ruby's Net::FTP.

PRO Tier | Medium | < 1 Hr. | 2453 | Blue Badge | Course

In this PentesterLab exercise, you will delve into a vulnerability found in Ruby's Net::FTP library, similar to the one identified by CVE-2017-17405. The exercise elucidates the critical difference between the `File.open` and `open` methods in Ruby. While `File.open` allows attackers to read arbitrary files when they control the first argument, `open` enables command execution by prefixing the command with a pipe (`|`). By exploiting this flaw, you will learn to execute arbitrary commands and run the `score` command to complete the challenge.

The exercise uses a JWT token as the injection point, highlighting that the signature verification occurs only after the injected value has been used, so a valid signature is not needed. You will gain hands-on experience in constructing a malicious JWT token using Python and sending it to achieve code execution on the server. This practical exercise not only reinforces your understanding of Ruby vulnerabilities but also enhances your skills in exploiting them effectively.
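The two points above (Kernel#open versus File.open, and signature verification that runs after the claim has already been used) are shown side by side in the following Ruby script. It is an added example, not code from PentesterLab or from the exercise's target application; the HS256 secret, the `file` claim name and the shape of the two handlers are assumptions made for the demonstration. The vulnerable handler mirrors the bug class; the hardened handler verifies the signature first, restricts the claim to an allowlisted name under a fixed directory, and reads it with `File.open`, which never spawns a process.

```ruby
require 'openssl'
require 'json'
require 'tmpdir'

# Hypothetical signing secret for this demonstration (assumption, not from the exercise).
SECRET = 'demo-secret-change-me'.freeze

# base64url without padding, as JWT requires (implemented inline to avoid the base64 gem).
def b64url_encode(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(str)
  padded = str.tr('-_', '+/')
  padded += '=' * ((4 - padded.length % 4) % 4)
  padded.unpack1('m0') # strict decode; raises ArgumentError on malformed input
end

# Produces an HS256 token; used only to build sample tokens for the handlers below.
def make_jwt(claims, secret)
  header = b64url_encode(JSON.generate({ 'alg' => 'HS256', 'typ' => 'JWT' }))
  body   = b64url_encode(JSON.generate(claims))
  sig    = b64url_encode(OpenSSL::HMAC.digest('SHA256', secret, "#{header}.#{body}"))
  "#{header}.#{body}.#{sig}"
end

# Constant-time byte comparison so the signature check does not leak timing.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def signature_valid?(token, secret)
  return false unless token.count('.') == 2
  header, body, sig = token.split('.')
  return false if sig.nil?
  given = begin
    b64url_decode(sig)
  rescue ArgumentError
    return false
  end
  secure_equal?(OpenSSL::HMAC.digest('SHA256', secret, "#{header}.#{body}"), given)
end

def decode_claims(token)
  JSON.parse(b64url_decode(token.split('.')[1].to_s))
end

# VULNERABLE pattern (the bug class the exercise covers): a claim from the token is
# acted on before the signature is checked, and it is handed to Kernel#open, which
# treats a leading '|' as a command to run rather than a file to read.
def vulnerable_handler(token)
  claims = decode_claims(token)
  content = open(claims['file']) { |io| io.read } # Kernel#open, not File.open
  raise 'bad signature' unless signature_valid?(token, SECRET) # checked too late
  content
end

# HARDENED pattern: verify first, then constrain the name to a fixed directory and an
# allowlisted character set (no '/', no leading '.', no '|'), and read with File.open.
SAFE_NAME = /\A[A-Za-z0-9][\w.-]*\z/.freeze

def hardened_handler(token, base_dir, secret = SECRET)
  raise ArgumentError, 'bad signature' unless signature_valid?(token, secret)
  name = decode_claims(token)['file'].to_s
  raise ArgumentError, 'invalid filename' unless name.match?(SAFE_NAME)
  File.open(File.join(base_dir, name), 'r') { |io| io.read }
end

# File.open does not interpret '|': a name like '|echo x' is simply a missing file.
def file_open_ignores_pipe?
  File.open('|echo x', 'r') { |io| io.read }
  false
rescue Errno::ENOENT
  true
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    File.write(File.join(dir, 'report.txt'), "quarterly numbers\n") # constructed sample file
    good   = make_jwt({ 'file' => 'report.txt' }, SECRET)
    forged = make_jwt({ 'file' => '|echo hi' }, 'wrong-secret') # signature will not verify
    puts hardened_handler(good, dir)
    begin
      hardened_handler(forged, dir)
    rescue ArgumentError => e
      puts "rejected forged token: #{e.message}"
    end
    puts "File.open ignores pipe prefix: #{file_open_ignores_pipe?}"
  end
end
```

The order of operations is the whole point: in `vulnerable_handler` the attacker's claim reaches `open` before `signature_valid?` runs, so the forged signature is irrelevant, exactly as in the exercise. In `hardened_handler` the allowlist is checked even after a valid signature, so a legitimately signed token cannot be turned into a traversal or pipe either.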
