Pentester Lab: Rack Cookies and Commands Injection

  • Name: Pentester Lab: Rack Cookies and Commands Injection
  • Date release: 2 Oct 2012

Please remember that VulnHub is a free community resource so we are unable to check the machines that are provided to us. Before you download, please read our FAQs sections dealing with the dangers of running unknown VMs and our suggestions for "protecting yourself and your network. If you understand the risks, please download!


(Size: 317 MB)


(Size: 313 MB)




After a short brute force introduction, this exercice explains the tampering of rack cookie and how you can even manage to modify a signed cookie (if the secret is trivial). Using this issue, you will be able to escalate your privileges and gain commands execution.

What you will learn?

  • Rack Cookies tampering
  • Writing small web scripts in Ruby
  • Commands injection attack

  • Filename: rack_cookies_and_commands_injection_i386.iso
  • File size: 317 MB
  • MD5: 3AB2F16009BFE8F37AA45EDA636E5FE8
  • SHA1: E5C8DD2C48B608AACF3BAC8F291872092BFBACE2

  • Filename: _rack_cookies_and_commands_injection.iso
  • File size: 313 MB
  • MD5: 2FCCBCEBC049D49B2C10E682764D9E5B
  • SHA1: 7CBAC7B4BAD5DB7C6C67939CC1806E5CDFEC5B1A

  • Format: Disk Image (.ISO)
  • Operating System: Linux

  • DHCP service: Enabled
  • IP address: Automatically assign