Command Injection
Practical
We are given a web application that allows us to enter an IP address to test its availability.

It shows us our command and the output from it.
Flag 1:
The first flag is to find out which user this application is running as. We can do this by using ; to exit out of the current command and then the whoami command to return the user.

Flag 2:
The next flag asks us to get the contents of the flag located here: /home/tryhackme/flag.txt.
To do this I checked what our current path was by running the following command.
;echo "$(cd "$(dirname "$1")" && pwd -P)/$(basename "$1")"
This returns our full path and gives me the information I need to write the next command I need to get the flag.
;cat ../../../home/tryhackme/flag.txt
This reads the contents of the flag file and returns the flag.
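Why both inputs above are accepted, and how the application would close the hole, as an added example that is not part of the original write-up. It assumes the server builds the ping command by string concatenation and passes it to a shell (the page does not show the server code); all function names are hypothetical.

```python
import ipaddress
import subprocess

# Constructed inputs: one benign address plus the two inputs from the write-up.
SAMPLE_INPUTS = [
    "127.0.0.1",
    ";whoami",
    ";cat ../../../home/tryhackme/flag.txt",
]


def vulnerable_command(user_input: str) -> str:
    """Assumed 'before' pattern: the string a shell would receive.

    Returned, never executed. The ';' ends the ping command, so the shell
    treats whatever follows it as a second command.
    """
    return "ping -c 4 " + user_input


def safe_ping_argv(user_input: str) -> list[str]:
    """Hardened form: accept only a literal IP address and build an argv list."""
    try:
        addr = ipaddress.ip_address(user_input.strip())
    except ValueError:
        raise ValueError("not an IP address") from None
    # "--" ends option parsing; str(addr) is the parsed form, not the raw input.
    return ["ping", "-c", "4", "--", str(addr)]


def run_ping(user_input: str) -> str:
    """Run ping with no shell involved, so metacharacters are never interpreted."""
    argv = safe_ping_argv(user_input)
    result = subprocess.run(argv, capture_output=True, text=True, timeout=15)
    return result.stdout


def classify(user_input: str) -> str:
    """Report whether the hardened validator accepts or rejects an input."""
    try:
        safe_ping_argv(user_input)
        return "accepted"
    except ValueError:
        return "rejected"


if __name__ == "__main__":
    for value in SAMPLE_INPUTS:
        print(f"{value!r}: shell string = {vulnerable_command(value)!r}, "
              f"hardened = {classify(value)}")
```

Validation alone or an argv list alone would each stop these inputs; using both means a later change to one does not reopen the injection.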
