🏆 The official writeup for the July '23 Challenge. The goal was to exploit a command injection vulnerability. However, the injection was blind (no output was returned as feedback), and the challenge ran in a slimmed-down Docker container, which made a reverse shell difficult (no netcat, curl, wget, etc.). The intended solution was to use openssl to obtain a reverse shell, but many people found other solutions, including retrieving the flag one character at a time (adding a delay or returning a different HTTP response code when the tested character is correct).
Follow kavigihan: _kavigihan
Solve the challenge: https://challenge-0723.intigriti.io
🎙️ This show is hosted by _cryptocat (@_CryptoCat) & intigriti
00:00 Intro
01:14 Recon
05:43 Command injection
08:13 No outbound communication?
09:12 Intended solution: OpenSSL reverse shell
12:47 Alternative #1: Blind data exfiltration
15:35 Alternative #2: Flag in the metadata
17:07 Recap
17:52 Conclusion