Introduction 03
This exercise will guide through the process of scoring an exercise to mark it as completed. However, this time, you will run commands on the underlying operating system. You will need to run the score command with your UUID.
This challenge starts with using the application's functionality as intended to understand how it operates. You provide an IP address, and the application runs a ping command using the IP address you provided. By analyzing this behavior, you'll discover the potential for command injection attacks, which allow you to execute arbitrary commands on the server.
You'll explore different ways to inject additional commands into the ping command. For instance, by providing a malicious parameter like 127.0.0.1 ; cat /etc/passwd
, you can trick the application into running multiple commands. The ultimate goal is to run the command /usr/local/bin/score [uuid]
to complete the exercise and score the lab.