Exploit Exercises Nebula 5: Level 07 Write Up

Level: https://exploit-exercises.com/nebula/level07/

The flag07 user was writing their very first perl program that allowed them to ping hosts to see if they were reachable from the web server.

To do this level, log in as the level07 account with the password level07. Files for this level can be found in /home/flag07.

The program allows command injection through the ?Host= query parameter.

Let's set it to localhost; getflag

But how do we run it? There is a thttpd.conf in that directory; can we use it?

In that file we can see: port=7007

curl is not installed on that system so I’ll use wget:

The %3B is the URL-encoded version of ;

However, if for some reason thttpd isn’t running on port 7007, try rebooting the system.

You have successfully executed getflag on a target account.
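One way the ping script could close this hole, as an added example that is not the level's source or the author's code. It assumes the script is a CGI that receives the request in QUERY_STRING and runs ping on the Host value; the helper names are hypothetical.

```perl
#!/usr/bin/perl
# Added example, not the level's source. Assumes a CGI that pings ?Host=.
# Helper names (url_decode, host_param, valid_host, ping) are hypothetical.
use strict;
use warnings;

# Decode a query-string value: '+' -> space, %3B -> ';' and so on.
sub url_decode {
    my ($s) = @_;
    $s =~ tr/+/ /;
    $s =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $s;
}

# Return the decoded Host parameter from a raw query string, or undef.
sub host_param {
    my ($query) = @_;
    for my $pair (split /&/, $query) {
        my ($k, $v) = split /=/, $pair, 2;
        return url_decode($v // '') if url_decode($k // '') eq 'Host';
    }
    return;
}

# Allow-list: hostname or IPv4 literal only. This rejects ';', spaces and
# other shell metacharacters, and a leading '-' that ping would read as
# an option.
sub valid_host {
    my ($h) = @_;
    return defined $h && length($h) <= 253
        && $h =~ /\A[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?\z/;
}

# List-form pipe open: perl execs ping directly with $host as a single
# argv entry, so /bin/sh never parses the value. Interpolating $host into
# a backtick or system() string is what lets ';' start a second command.
sub ping {
    my ($host) = @_;
    open(my $fh, '-|', 'ping', '-c', '3', $host)
        or return "cannot run ping: $!\n";
    my @out = <$fh>;
    close $fh;
    return join '', @out;
}

print "Content-type: text/plain\n\n";
my $host = host_param($ENV{QUERY_STRING} // '');
print valid_host($host) ? ping($host) : "invalid Host parameter\n";
```

With the Host value from this write-up, the decoded string contains a space and a semicolon, so valid_host rejects it before ping is ever started.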
