Blind Command Injection (in a slim docker container) – Solution to July '23 Challenge




🏆 The official writeup for the July ’23 Challenge. The goal was to exploit a command injection vulnerability. However, the injection was blind (no output was returned as feedback) and the challenge ran in a slimmed-down Docker container, which made a reverse shell difficult (no netcat, curl, wget, etc.). The intended solution was to use openssl to obtain a reverse shell, but many people found other solutions, including retrieving the flag one character at a time (adding a delay or returning a different HTTP response code when the tested character is correct).

Follow kavigihan: https://twitter.com/_kavigihan
Solve the challenge: https://challenge-0723.intigriti.io


🎙️ This show is hosted by https://twitter.com/_CryptoCat ( @_CryptoCat ) & https://twitter.com/intigriti


00:00 Intro
01:14 Recon
05:43 Command injection
08:13 No outbound communication?
09:12 Intended solution: OpenSSL reverse shell
12:47 Alternative #1: Blind data exfiltration
15:35 Alternative #2: Flag in the metadata
17:07 Recap
17:52 Conclusion
