Project 1: Command Injection (15 pts.)

What You Need


To understand and exploit the simplest type of vulnerability: command injection.

Introduction to the Bash Command Line

In a Web browser, go to:

Afer a few seconds, a Linux terminal opens, as shown below. Use it to practice these commands:

datePrint out the date and time
lsList files and directories in the current working directory
pwdPrint the current working directory
cdMove to your home directory
cd /homeMove to the /home directory
cd ..Move to parent of the current working directory
echo "Hi"Print the the text "Hi"
date >> /tmp/fooPrint the date into the file /tmp/foo
echo "Hi" >> /tmp/fooPrint the text "Hi" into the file /tmp/foo
cat /tmp/fooPrint the contents of the file /tmp/foo
ls -l /tmpList, in long form, the files and folders of the directory /tmp

If you want more information about Bash, try this Unix tutorial.

Task A: Create a File (5 pts.)

Create a file in any directory, with any name, containing your name and the current date and time, like this:

You can use any Linux or Unix system you like--you don't need to use that online shell.

Capturing a Screen Image

Capture a WHOLE-DESKTOP image showing the output of the cat command, as shown above.

To capture a screen image:

Save the image as "Proj 1a from YOUR NAME".

Make sure your image has these required items:

Task B: Exploit the Ping Form (10 pts.)

In a browser, go to

That form is intended to perform pings, but it is vulnerable and can be exploited to do other things. Get your name on the Winners board, as shown below.

Capturing a Screen Image

Capture a WHOLE-DESKTOP image showing your name on the Winners board.

Save the image as "Proj 1b from YOUR NAME".

Turning in Your Project

Send the images to with a subject of "Proj 1 from YOUR NAME". Send a Cc: to yourself.

Posted 8-14-16 12:11 pm
URL updated 1-17-18 5 pm
Switched to JS Unix 1-24-18
Font changed 1-14-19