FFFuuuuu Hacktory Writeup

Lab description

In this lab, we will work with the FFF (fast file finder) website and try to inject a command through its search box. Knowledge about the arguments of some commands will help us.

Difficulty - 3 zippers out of 5

Solution

  • Bot saying: In this exercise, we will try to exploit vulnerabilities in the Fast File Finder website. The site has a search box. Try typing the command ;ls; into the search box. What did the site return?

Image description

  • Bot saying: The site has special character shielding, so you can’t inject a command just like that. However, with proper persistence, you can find dangerous functionality even in seemingly harmless commands. Type the find -help command into the search bar. Examine the result. What argument of the find command can be potentially used by an attacker?

It’s the -exec argument.

  • Bot saying: Correct. Try entering an injection with this argument into the search box, such as file -or -exec whoami ; -quit. Enter the result of the command.

Image description

  • Bot saying: So, we have found out that you can inject commands using find command arguments. Now everything is in your hands. Find a flag in one of the files.

Image description
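The root cause the lab walks through is worth seeing side by side with its fix. The following is an added example written for this writeup, not the lab's own code: it models a search box that backslash-escapes shell metacharacters and then drops the input unquoted into a `find ... -name ...` shell command line. Because the shell splits that line on whitespace, every word of the input becomes its own argument to `find`, and an escaped `;` arrives as the literal `;` that `-exec` terminates on. The hardened builder skips the shell and passes the whole input as the single value of `-name`, so `find` can never read `-exec` out of it. The search root `/srv/fff/files`, the sample queries and the detection rule are assumptions for the example, not values from the lab.

```python
import re
import shlex
from typing import List

# Assumed directory the search box searches under (not taken from the lab).
FILES_ROOT = "/srv/fff/files"

# GNU find expression tokens that run commands or write files when they appear as
# standalone arguments. Used both to inspect argv and as a detection rule for logs.
DANGEROUS_FIND_ACTIONS = {
    "-exec", "-execdir", "-ok", "-okdir", "-delete",
    "-fprint", "-fprint0", "-fprintf", "-fls",
}


def escape_shell_metachars(user_input: str) -> str:
    """Naive 'special character shielding': backslash-escape shell metacharacters.

    This stops ';ls;' from starting a new shell command, but an escaped ';' reaches
    find as a plain ';', which is exactly the terminator -exec expects."""
    return re.sub(r"([;&|$`<>()])", r"\\\1", user_input)


def build_find_argv_unsafe(user_input: str) -> List[str]:
    """Vulnerable pattern: escaped input is interpolated unquoted into a shell command
    line. shlex.split reproduces the word splitting /bin/sh would do before execve,
    so each whitespace-separated word of the input becomes a separate find argument."""
    command_line = f"find {FILES_ROOT} -name {escape_shell_metachars(user_input)}"
    return shlex.split(command_line)


def build_find_argv_safe(user_input: str) -> List[str]:
    """Hardened pattern: no shell involved; the whole input is one argv element and
    is consumed by find as the value of -name, whatever characters it contains.
    Run with subprocess.run(argv) (shell=False), never with a joined string."""
    return ["find", FILES_ROOT, "-name", user_input]


def injected_actions(argv: List[str]) -> List[str]:
    """Return find actions that appear as standalone arguments after the search root."""
    return [arg for arg in argv[2:] if arg in DANGEROUS_FIND_ACTIONS]


def query_is_suspicious(user_input: str) -> bool:
    """Detection rule for search-box logs: flag any input that carries a find action
    as a whitespace-separated word, i.e. one that would be injected by the unsafe builder."""
    return any(token in DANGEROUS_FIND_ACTIONS for token in user_input.split())


# Constructed sample search-box inputs, including the lab's injection string.
SAMPLE_QUERIES = [
    "report.txt",
    "*.pdf",
    "file -or -exec whoami ; -quit",
    "notes -delete",
]


def flagged_queries(queries: List[str] = SAMPLE_QUERIES) -> List[str]:
    """Apply the detection rule over a batch of logged queries."""
    return [q for q in queries if query_is_suspicious(q)]


if __name__ == "__main__":
    payload = "file -or -exec whoami ; -quit"
    print("unsafe argv:", build_find_argv_unsafe(payload))
    print("injected   :", injected_actions(build_find_argv_unsafe(payload)))
    print("safe argv  :", build_find_argv_safe(payload))
    print("flagged    :", flagged_queries())
```

With the unsafe builder the payload becomes the arguments `-name file -or -exec whoami ; -quit`, which is a valid find expression; with the safe builder it is the single pattern `file -or -exec whoami ; -quit`, which simply matches no file. Escaping is the wrong layer for this fix: the input must never be re-parsed by a shell at all.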