We covered he solution of Rickdiculouslyeasy Vulhub where we demonstrated command injection in the web application running on the instance that allowed us to enumerate and extract sensitive information such as usernames on the machine. Using “string” tool to extract hidden passwords, we were able to login the FTP storage server and extract more hints that led to solving the challenge and extracting the flag.

It is a virtual box that was used to establish a Fedora server. Getting root access to the computer is the major goal. The objective of this straightforward Rick and Morty-themed boot 2 root is to gather as many flags as you can to reach the top, earning a total of 130 points.

The command injection was carried out on /cgi-bin/tracertool.cgi

Get OSCP Certificate Notes

The Complete Practical Web Application Penetration Testing Course

Video Walkthrough

command injection, CTF Writeup, Penetration Testing, vulnhub

Show Comments

Motasem

About the Author

I create cybersecurity notes, digital marketing notes and online courses. I also provide digital marketing consulting including but not limited to SEO, Google & Meta ads and CRM administration.

View Articles

Command Injection Explained | EP2 | Rickdiculouslyeasy Vulhub CTF Walkthrough

Leave a Reply Cancel reply

Motasem

About the Author

Other stories

Server Side Includes Injection Explained | EP1 | H.A.S.T.E Vulnhub Walkthrough CTF

Docker Container Penetration Testing | Docker VulnHub CTF Walkthrough

Press ESC to close

Command Injection Explained | EP2 | Rickdiculouslyeasy Vulhub CTF Walkthrough

Leave a Reply Cancel reply

Motasem

About the Author

Share Article:

Other stories

Server Side Includes Injection Explained | EP1 | H.A.S.T.E Vulnhub Walkthrough CTF

Docker Container Penetration Testing | Docker VulnHub CTF Walkthrough