
Rack Cookies and Commands Injection

Difficulty

Intermediate

Details

After a short brute-force introduction, this exercise explains how Rack cookies can be tampered with and how you can even manage to modify a signed cookie (if the secret is trivial). Using this issue, you will be able to escalate your privileges and gain command execution.

What will you learn?

  • Rack cookie tampering
  • Writing small web scripts in Ruby
  • Command injection attacks

Requirements

  • A computer with virtualisation software
  • A basic understanding of HTTP
  • A basic understanding of Ruby
  • Yes, that's it!

Download

Mirror