Rack Cookies and Commands injection
After a short brute force introduction, this exercise explains the tampering of rack cookie and how you can even manage to modify a signed cookie (if the secret is trivial). Using this issue, you will be able to escalate your privileges and gain commands execution.
The ISO for this exercise can be downloaded by clicking here (318MB).
You can access the course for this exercise by clicking here