PingCMD
ping-cmd
| Category | Author |
|---|---|
| Miscellaneous | Yahaya Meddy |
Challenge Prompt
Can you make the server reveal its secrets? It seems to be able to ping Google DNS, but what happens if you get a little creative with your input?
Problem Type
- Command Injection
Solve
When we `nc` into the machine, we are prompted with `Enter an IP address to ping! (We have tight security because we only allow '8.8.8.8'):`
If we enter `8.8.8.8`, the machine pings the IP, but anything else we enter, like `8.8.4.4`, fails.
But what if we append an extra command to the end of our allowed IP with `;`?
If we connect again and this time send `8.8.8.8; cat flag.txt`, the machine pings the allowed IP, then runs the `cat` command and outputs our flag.
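Why this works, as an added example that is not the challenge's actual server code: the sketch assumes the service only checks that the input starts with `8.8.8.8` and then interpolates it into a shell command line, which matches the behaviour seen above. `vulnerable_command`, `shell_commands` and `hardened_argv` are hypothetical names; the hardened version parses the entire input as an IP address and builds an argument list that never reaches a shell.

```python
import ipaddress
import shlex

# The only address the challenge permits.
ALLOWED = {ipaddress.ip_address("8.8.8.8")}


def vulnerable_command(user_input: str) -> str:
    """Assumed flawed pattern: prefix check, then interpolation into a shell string."""
    if not user_input.startswith("8.8.8.8"):
        raise ValueError("address not allowed")
    # A server would hand this string to a shell (e.g. subprocess with shell=True).
    return f"ping -c 1 {user_input}"


def shell_commands(command_line: str) -> list[list[str]]:
    """Approximate how a POSIX shell splits a line into commands at ';'."""
    lexer = shlex.shlex(command_line, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    commands, current = [], []
    for token in lexer:
        if token == ";":          # control operator: the next word starts a new command
            commands.append(current)
            current = []
        else:
            current.append(token)
    commands.append(current)
    return [c for c in commands if c]


def hardened_argv(user_input: str) -> list[str]:
    """Parse the whole input as an IP, check the allowlist, return argv for shell=False."""
    try:
        addr = ipaddress.ip_address(user_input.strip())
    except ValueError:
        raise ValueError("not a valid IP address") from None
    if addr not in ALLOWED:
        raise ValueError("address not allowed")
    # Pass this list to subprocess.run(argv); no shell ever interprets the input.
    return ["ping", "-c", "1", str(addr)]


if __name__ == "__main__":
    print(shell_commands(vulnerable_command("8.8.8.8; cat flag.txt")))
    print(hardened_argv("8.8.8.8"))
```

The prefix check passes because the string begins with the allowed address, while the shell treats everything after `;` as a second command; strict parsing rejects the same input because it is not an IP address at all.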