System Security Lab

Command Injection

Analyzing OS Command Execution Vulnerabilities

Overall Progress0%

Educational Purpose Only — Practice only on systems you own or have explicit written permission to test.

Level 1:Basic Command Chaining

Easy

This "Network Tools" dashboard allows administrators to ping IP addresses. The input is passed directly to a system shell without sanitization.

Inject a command to list the files in the current directory.

Use the Ping tool to find the "secret.txt" file in the server's directory.

root@server:~/net-tools

Generic Network Diagnostics Tool v1.0

Server Status: ONLINE

System Uptime: 42 days

----------------------------------------