We covered the solution of RickdiculouslyEasy from VulnHub, where we demonstrated command injection in the web application running on the instance, which allowed us to enumerate and extract sensitive information such as usernames on the machine. Using the “strings” tool to extract hidden passwords, we were able to log in to the FTP storage server and extract more hints that led to solving the challenge and extracting the flag.

The target is a virtual machine set up as a Fedora server. Getting root access to the machine is the main goal. The objective of this straightforward Rick and Morty-themed boot2root is to gather as many flags as you can to reach the top, earning a total of 130 points.

The command injection was carried out against /cgi-bin/tracertool.cgi.
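How a traceroute-style web tool can be written so that this class of injection does not work, as an added example (not code from the original post or from the challenge machine). It assumes the CGI passes a user-supplied host to `traceroute`; the function names and sample inputs are hypothetical and constructed for illustration.

```python
import ipaddress
import re
import subprocess
from typing import Dict, List

# Vulnerable pattern (for contrast, never executed here):
#   os.system("traceroute " + target)
# The shell parses the whole string, so metacharacters in `target`
# (; | & $() backticks, newlines) become extra commands.

# RFC 1123 hostname label: letters, digits, hyphen; no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def validate_target(raw: str) -> str:
    """Return the target if it is an IP literal or plain hostname, else raise."""
    if not isinstance(raw, str) or not raw or len(raw) > 253:
        raise ValueError("target missing or too long")
    try:
        return str(ipaddress.ip_address(raw))
    except ValueError:
        pass  # not an IP literal, fall through to the hostname check
    # fullmatch on every label rejects spaces, shell metacharacters and a
    # leading "-" (which traceroute would otherwise read as an option).
    if all(_LABEL.fullmatch(label) for label in raw.split(".")):
        return raw
    raise ValueError("target is not an IP address or hostname")


def build_traceroute_argv(raw: str) -> List[str]:
    """Build an argument vector; no shell ever sees the user input."""
    return ["traceroute", validate_target(raw)]


def run_traceroute(raw: str, timeout: int = 30) -> str:
    # shell=False is the default: argv is handed to the OS as separate strings.
    done = subprocess.run(build_traceroute_argv(raw), capture_output=True,
                          text=True, timeout=timeout, check=False)
    return done.stdout


def classify(samples: List[str]) -> Dict[str, bool]:
    """Map each constructed sample input to True (accepted) or False (rejected)."""
    out = {}
    for s in samples:
        try:
            validate_target(s)
            out[s] = True
        except ValueError:
            out[s] = False
    return out


# Constructed sample inputs, not taken from the walkthrough.
SAMPLES = ["127.0.0.1", "example.com", "::1", "127.0.0.1; id", "$(id)", "-h", "a b"]
```

Validation and the argument vector are two separate layers: even if the validator were loosened, passing a list to `subprocess.run` without a shell keeps the input from being parsed as commands.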

