Command Injection Practical Scenario | TryHackMe Epoch
We covered a practical scenario on command injection using TryHackMe Epoch room.
Room Answers
Find the flag in this vulnerable web application!
flag{7da6c7debd40bd611560c13d8149b647}
Video Transcript
So the idea is that guys there is this challenge here as you can see It’s kind of running a command line tool but accessible from the web so whatever you type here it gets executed. The purpose of this room is to get you familiar with the concept of command injection, which is an OWASP top 10 vulnerability. The problem in the web application of this scenario is that user queries are passed into the system directly without proper filtering or input validation.
To exploit this vulnerability, we can execute commands or two commands simultaneously in Linux using two ways. The first one is to use semicolon or we can use double ampersand between the two commands. We can get a shell on the system using a bash reverse shell eventually leading us to get access to the system and retrieve the flag.
