OSCP · OSWP · PWPP · PWPA · PAPA · EnCE · Linux+ · LPIC-1 · Network+ · Security+ · Pentest+ · eJPT · eWPT · BSc · PGCert
shelled Writeup
Platform: WebVerse
Target: https://fc35b936-3953-shelled-c27c0.events.webverselabs-pro.com/
Vulnerability classes: Command Injection
Loading the app showed what was obviously going to be some kind of command injection vuln, and so I took a look at what it, and it said that we could tell it what to do and it would create a command.
I figured i'd check the json file we could see in the screenshot above.
...and that was enough for the flag.
🍺 Quick message to readers: if my writeups help you, please consider a small donation to my buymeacoffee link here. This is not required but is very much appreciated! 🍺