Command Injection

• What variable stores the user's input in the PHP code snippet in this task?

$title

• What HTTP method is used to retrieve data submitted by a user in the PHP code snippet?

GET

• If I wanted to execute the id command in the Python code snippet, what route would I need to visit?

/id

• What payload would I use if I wanted to determine what user the application is running as?

whoami

• What popular network tool would I use to test for blind command injection on a Linux machine?

ping

• What payload would I use to test a Windows machine for blind command injection?

timeout

• What is the term for the process of "cleaning" user input that is provided to an application?

sanitisation

• What user is this application running as?

www-data

• What are the contents of the flag located in /home/tryhackme/flag.txt?

THM{COMMAND_INJECTION_COMPLETE}