This lab uses a serialization-based session mechanism and the Ruby on Rails framework. There are documented exploits that enable remote code execution via a gadget chain in this framework.
To solve the lab, find a documented exploit and adapt it to create a malicious serialized object containing a remote code execution payload. Then, pass this object into the website to delete the morale.txt file from Carlos's home directory.
You can log in to your own account using the following credentials: wiener:peter
1. Log in to your own account and notice that the session cookie contains a serialized ("marshaled") Ruby object. Send a request containing this session cookie to Burp Repeater.
2. Browse the web to find the Universal Deserialisation Gadget for Ruby 2.x-3.x by vakzz on devcraft.io. Copy the final script for generating the payload.
3. Modify the script as follows:
   - Change the command that should be executed from id to rm /home/carlos/morale.txt.
   - Replace the final two lines with puts Base64.encode64(payload). This ensures that the payload is output in the correct format for you to use for the lab.
4. Run the script and copy the resulting Base64-encoded object.
5. In Burp Repeater, replace your session cookie with the malicious one you just created. Select the entire cookie, right-click, click Convert selection, click URL, and then click URL Encode All Characters.
6. Send the request to solve the lab.
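The defensive counterpart to the steps above, as an added example that is not part of the original write-up or the lab's code: a check that recognises a Marshal-format session cookie, next to a session format that is HMAC-verified before anything is parsed and never passes the cookie to Marshal.load. The key and the names marshal_cookie?, issue_session and load_session are hypothetical, and the sample cookie is constructed.

```ruby
require "json"
require "openssl"
require "uri"

# Hypothetical demo key; a real application loads this from secret storage.
SESSION_KEY = "constructed-demo-key"

# True when a cookie URL-decodes and Base64-decodes to Ruby Marshal data
# (format version bytes 0x04 0x08), the cookie style the lab has you notice.
def marshal_cookie?(cookie)
  raw = URI.decode_www_form_component(cookie).unpack1("m")
  raw.getbyte(0) == 4 && raw.getbyte(1) == 8
rescue ArgumentError
  false
end

def hmac(body)
  OpenSSL::HMAC.hexdigest("SHA256", SESSION_KEY, body)
end

# Constant-time comparison of two hex tags.
def same_tag?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Issue the session as "<base64url(JSON)>.<HMAC-SHA256 hex tag>".
def issue_session(data)
  body = [JSON.generate(data)].pack("m0").tr("+/", "-_")
  "#{body}.#{hmac(body)}"
end

# Check the tag before parsing; only JSON is parsed, never Marshal.load.
def load_session(cookie)
  body, tag = cookie.to_s.split(".", 2)
  return nil unless body && tag && same_tag?(tag, hmac(body))
  JSON.parse(body.tr("-_", "+/").unpack1("m"))
rescue JSON::ParserError
  nil
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: a Marshal-format cookie carrying harmless data.
  legacy = URI.encode_www_form_component([Marshal.dump({ "username" => "wiener" })].pack("m0"))
  signed = issue_session({ "username" => "wiener" })
  p [marshal_cookie?(legacy), load_session(legacy), marshal_cookie?(signed), load_session(signed)]
end
```

A cookie that is replaced wholesale, as in step 5, fails the tag check and is rejected before any deserialization happens.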
Thank you for Reading!
Happy Ethical Hacking ~
Author: Karthikeyan Nagaraj ~ Cyberw1ng