We covered he solution of Rickdiculouslyeasy Vulhub where we demonstrated command injection in the web application running on the instance that allowed us to enumerate and extract sensitive information such as usernames on the machine. Using “string” tool to extract hidden passwords, we were able to login the FTP storage server and extract more hints that led to solving the challenge and extracting the flag.
It is a virtual box that was used to establish a Fedora server. Getting root access to the computer is the major goal. The objective of this straightforward Rick and Morty-themed boot 2 root is to gather as many flags as you can to reach the top, earning a total of 130 points.
The command injection was carried out on /cgi-bin/tracertool.cgi
The Complete Practical Web Application Penetration Testing Course
Video Walkthrough