Rack Cookies and Commands injection


After a short brute force introduction, this exercise explains the tampering of rack cookie and how you can even manage to modify a signed cookie (if the secret is trivial). Using this issue, you will be able to escalate your privileges and gain commands execution.

ISO

The ISO for this exercise can be downloaded by clicking here (318MB).


Course

You can access the course for this exercise by clicking here