Nebula (Level 07) : Writeup

By Homeless | Linux, Writeups
January 11, 2018

Yesterday, I learned a lot about exploits. For now, Level07 is a Perl exploit. Let's check it.

Level07 Description

index.cgi

I notice index.cgi is running as root and pings 3 times using the input from the parameter Host. Check it.

It works. And then I check for command injection.

So I check my id to know what access I have.

I found another file, thttpd.conf, and checked its source.

port=7007
dir=/home/flag07
user=flag07

I understand that to get the flag07 user, we need to run on port 7007. Let's try again!

The result does not work correctly.

I decode the URL and run again!

YO! %3B is equal to ; (semicolon) and the result works well.

Finally, we can exploit the command injection below.

Bango! I can do it again!
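For the defensive side of this level, here is an added example (not the level's original index.cgi and not the author's code) of a ping CGI that does not let the Host parameter reach a shell. It assumes the vulnerable pattern is the one the behaviour above implies, where Host is interpolated into a shell command string; the helper names valid_host and ping_host are hypothetical.

```perl
#!/usr/bin/perl
# Added example: hardened ping CGI. Names below are illustrative.
use strict;
use warnings;
use CGI qw(param);

# Assumed vulnerable pattern (inferred from the behaviour in the writeup):
#   my @output = `ping -c 3 $host 2>&1`;
# Backticks hand the whole string to /bin/sh, so a ';' (sent as %3B in
# the URL) ends the ping command and starts a second one.

# Allow-list check: hostname / IPv4 characters only. The first character
# must be alphanumeric, so the value cannot be read by ping as an option.
sub valid_host {
    my ($host) = @_;
    return defined $host
        && length($host) <= 253
        && $host =~ /\A[A-Za-z0-9][A-Za-z0-9.-]*\z/;
}

# List-form pipe open: perl execs ping directly with a fixed argument
# vector. No shell parses the value, so ';', '|', '&' and backticks in
# an argument would have no special meaning even if validation failed.
sub ping_host {
    my ($host) = @_;
    open(my $fh, '-|', 'ping', '-c', '3', $host)
        or return "ping could not be started\n";
    local $/;                      # slurp the whole output at once
    my $out = <$fh>;
    close($fh);
    return defined $out ? $out : '';
}

my $host = param('Host');
print "Content-type: text/plain\n\n";   # plain text: no HTML to escape
if (valid_host($host)) {
    print ping_host($host);
} else {
    # Constructed inputs such as "127.0.0.1;id" are rejected here.
    print "Invalid Host parameter\n";
}
```

Run it offline with `perl script.cgi Host=127.0.0.1` to see the normal path; any value containing a character outside the allow-list returns the error line instead of reaching ping.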
