In this post, we’re going to solve the PortSwigger lab: “Blind OS command injection with time delays”.

PortSwigger lab start page

To solve the lab, we need to cause a 10-second response time delay on the server. To do this, we’ll use the OS Command Injection found in the feedback function.

So we head to the “Submit feedback” button:

Submit feedback button on the page

Feedback form with fields to fill

As we can see, there are several fields to fill out. So let’s fill them in:

Completed form fields

Now, before submitting the feedback, we prepare Burp Suite to receive the requests:

Proxy configuration in browser

Activating interception in Burp Suite

With this ready, we submit the feedback to capture the request:

Submitting the feedback form

Request intercepted in Burp Suite

This is the request that’s sent to the server when submitting feedback. To work with it, we send it to Repeater by pressing Ctrl+R:

Request sent to Burp Suite Repeater

Once in Repeater, we can see that a valid request simply gets a 200 status response and not much else.

Now we go through the parameters being sent and try to see whether any of them lets us execute a command:

Sleep command injection in the message parameter

$(sleep 10)

In the message field, wrapping the command in $( ) makes the server’s shell execute it as a command substitution, which produces the 10-second response delay the lab asked us to cause.
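To show why the time delay works and how the feedback handler should have been written, here is an added example (not part of the original post or the lab’s own code): a hypothetical Python handler in its vulnerable form, where the message parameter is spliced into a shell command string, beside the hardened form that passes the message as a literal argument with no shell. echo stands in for whatever command the real handler runs (an assumption), and the delay is shortened to one second so the demo runs quickly.

```python
import shlex
import subprocess
import time

# Constructed sample: the lab's payload in the feedback "message" parameter,
# with the delay shortened to 1 second so the demo finishes quickly.
INJECTED_MESSAGE = 'Thanks! $(sleep 1)'


def vulnerable_command(message: str) -> str:
    """'Before' form of a hypothetical feedback handler: the message is
    spliced into a shell command string. Double quotes do not stop $(...)
    command substitution, so the shell runs the injected sleep."""
    return f'echo "{message}"'


def run_with_shell(message: str) -> tuple[str, float]:
    """Execute the vulnerable command through a shell (shell=True) and
    return (stdout, elapsed seconds). The injected sleep shows up as a
    response delay, and the substituted text disappears from the output,
    which is exactly the blind signal the lab relies on."""
    start = time.monotonic()
    proc = subprocess.run(vulnerable_command(message), shell=True,
                          capture_output=True, text=True, check=True)
    return proc.stdout.rstrip("\n"), time.monotonic() - start


def run_without_shell(message: str) -> tuple[str, float]:
    """'After' form: a fixed argv list and no shell. The message is one
    literal argument, so $(...) is never parsed and nothing extra runs."""
    start = time.monotonic()
    proc = subprocess.run(["echo", message], capture_output=True,
                          text=True, check=True)
    return proc.stdout.rstrip("\n"), time.monotonic() - start


def quoted_command(message: str) -> str:
    """If a shell really is unavoidable, shlex.quote() wraps the value so
    the metacharacters reach the command as literal text."""
    return f"echo {shlex.quote(message)}"


if __name__ == "__main__":
    print("with shell:   ", run_with_shell(INJECTED_MESSAGE))
    print("without shell:", run_without_shell(INJECTED_MESSAGE))
    print("quoted:       ", quoted_command(INJECTED_MESSAGE))
```

Running it shows the shell path taking about a second and printing only "Thanks! ", while the argv path returns immediately with the payload text echoed verbatim.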

In this way, we solve the lab:

Lab completed successfully