Ping Command Injection Challenge

The form below lets you send pings to a remote host. Unfortunately, it has a vulnerability.

To use the form normally, enter a target, such as

127.0.0.1
To see the vulnerability, enter
127.0.0.1; ls
Target IP:    

Challenge: Add Your Name to the Winners Page

Put your name in this file:

/tmp/ping/winners
After one minute, your name will appear on the WINNERS page here:

http://attack3214.samsclass.info/root/ping-winners.html

Hint

To write to a file named foo, execute:
echo "HELLO" > foo


Last revised 4-5-18