Crawler

hackerlab

Task: Web crawler application with login. Solution: Brute-forced credentials (admin:qqq111), then exploited Command Injection via unsanitized URL parameter passed to shell_exec().

command_injection rce php apache unsanitized_input semicolon_injection shell_exec credential_bruteforce web_crawler pipe_injection

Credential brute-forcing (admin:qqq111)Command Injection via unsanitized shell_exec() inputFilesystem enumerationPipe (|) and semicolon (;) injection

$ ls tags/ techniques/

command_injection rce php apache unsanitized_input semicolon_injection shell_exec credential_bruteforce web_crawler pipe_injection

Credential brute-forcing (admin:qqq111)Command Injection via unsanitized shell_exec() inputFilesystem enumerationPipe (|) and semicolon (;) injection

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[web][Pro]Провальный код (Failed Code)— hackerlab
[web][Pro]Секрет (Secret)— hackerlab
[web][Pro]Pryzhok— hackerlab
[web][Pro]Творение безумца (Work of a Madman)— hackerlab
[web][Pro]Базовая авторизация 2 (Basic Auth 2)— hackerlab