Blind Command Injection (in a slim docker container) - Solution to July '23 Challenge

🏆 The official writeup for the July '23 Challenge. The goal was to exploit a command injection vulnerability. However, there was no output to provide feedback (blind) and the challenge was running in a slimmed-down Docker container, making a reverse shell difficult (no netcat, curl, wget, etc.). The intended solution was to use openssl to obtain a reverse shell, but many people found other solutions, including retrieving flag chars one at a time (add a delay or return a different HTTP response code when the tested char is correct).

Follow kavigihan: _kavigihan
Solve the challenge: https://challenge-0723.intigriti.io
🧑‍💻 Sign up and start hacking right now - https://go.intigriti.com/register
🐱‍💻 Can't get enough of these challenges? - https://blog.intigriti.com/hackademy/...
👾 Join our Discord - https://go.intigriti.com/discord
🎙️ This show is hosted by _cryptocat (@_CryptoCat) & intigriti
👕 Do you want some Intigriti Swag? Check out https://swag.intigriti.com

00:00 Intro
01:14 Recon
05:43 Command injection
08:13 No outbound communication?
09:12 Intended solution: OpenSSL reverse shell
12:47 Alternative #1: Blind data exfiltration
15:35 Alternative #2: Flag in the metadata
17:07 Recap
17:52 Conclusion
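
From the defender's side, the two blind oracles mentioned in the description (an added delay, or a different HTTP response code) leave a recognisable pattern in request logs. The following is an added example, not code from the video or the challenge: the log records, the `/api/convert` path, the client addresses and the thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict
from statistics import median

# Shell metacharacters that commonly appear in command-injection attempts.
SHELL_META = re.compile(r"[;|&`]|\$\(")

# Constructed sample records: (client, path, parameter value, status, seconds).
# Parameter values use placeholders (PROBE_nn), not real commands.
SAMPLE = (
    # Same client, metacharacters in every request, a few responses ~5 s slower.
    [("10.0.0.5", "/api/convert", f"a;PROBE_{i:02d}", 200,
      5.1 if i % 4 == 0 else 0.1) for i in range(12)]
    # Same pattern, but the status code flips instead of the timing.
    + [("10.0.0.6", "/api/convert", f"a|PROBE_{i:02d}",
        500 if i % 5 == 0 else 200, 0.1) for i in range(12)]
    # Ordinary traffic: no metacharacters, so it is never grouped.
    + [("10.0.0.7", "/api/convert", f"report{i}.pdf", 200, 0.1 + 0.01 * i)
       for i in range(12)]
    # A single odd request: below the repetition threshold.
    + [("10.0.0.8", "/api/convert", "a;PROBE", 200, 0.1)]
)

def find_blind_oracles(records, min_requests=8, delay_gap=2.0):
    """Flag (client, path) pairs that repeatedly send shell metacharacters
    and whose responses split by timing or by status code."""
    groups = defaultdict(list)
    for client, path, value, status, secs in records:
        if SHELL_META.search(value):
            groups[(client, path)].append((status, secs))

    findings = {}
    for key, hits in groups.items():
        if len(hits) < min_requests:
            continue  # too few requests to look like char-by-char probing
        signals = set()
        durations = [secs for _, secs in hits]
        baseline = median(durations)
        # Timing oracle: some responses are far slower than the typical one.
        if any(d - baseline >= delay_gap for d in durations):
            signals.add("timing")
        # Status oracle: the same probing sequence yields mixed status codes.
        if len({status for status, _ in hits}) > 1:
            signals.add("status")
        if signals:
            findings[key] = signals
    return findings

if __name__ == "__main__":
    for (client, path), signals in find_blind_oracles(SAMPLE).items():
        print(client, path, sorted(signals))
```

The thresholds need tuning against real traffic; an endpoint that is legitimately slow for some inputs will produce timing splits of its own.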