Topic: DVWA Command Execution: Using What You Find


b00ms1ang
« on: November 27, 2015, 04:04:45 am »
So I am playing a game of treasure hunt with metasploitable and DVWA. I am working on the flag from the Command Execution.

I ran the command cat /etc/passwd and got a lovely slew of data... Including the location of my treasure at the very bottom!

TREASURE:x:1003:1003::/home/TREASURE:/bin/sh

I know how to exploit the weakness I found in /etc/passwd, easy stuff... But I'm not sure what command I need to run, and where I need to run it, to access my treasure (they all have little hints to get to the next treasure as they need to be found in order). This is my first SQL injection, and I've been following the tutorial on this site. Perhaps I'm just misreading or missing something?

How do I open my treasure, and do I do so in DVWA, in my hacked shell, or directly in Metasploitable? (even a hint there would be enough) I can't seem to access the home directory directly from my Metasploitable. I've tried several different commands in DVWA like cat /etc/passwd/home/FLAG... Obviously I'm missing some obvious piece of information!

Only three other treasures to go from here, and I get a lollipop!
Oh...

madf0x
« Reply #1 on: November 27, 2015, 11:00:47 am »
Dude, you have command execution.

Literally hundreds of different ways you could just set up a shell and call it good.

Stop focusing on getting the treasure, treat it like a normal box. You have execution, set up a shell or some means of persistence, THEN go goodie shopping.

b00ms1ang
« Reply #2 on: November 28, 2015, 02:48:31 am »
Thanks for your input, madf0x. I did find other treasure by digging through the shell, just not the treasure I was currently after. I found out that I was misinterpreting the data and that the TREASURE listed in the DVWA was actually a username I could brute-force for a password into a different part of the server, and find Treasure there. I'm working on that now.
Oh...
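
The passwd line quoted in the first post is an account record (name, password placeholder, UID, GID, comment, home directory, shell), not a file location, which is the misreading Reply #2 describes. As an added example that is not part of the thread, this Python code splits each record into its seven passwd(5) fields and lists the accounts that have a login shell, the ones an administrator would review for password strength; every sample line except the TREASURE entry is constructed.

```python
from typing import NamedTuple


class PasswdEntry(NamedTuple):
    name: str
    password: str   # "x" means the hash lives in /etc/shadow
    uid: int
    gid: int
    gecos: str      # free-form comment field, often empty
    home: str
    shell: str


# Shells that refuse interactive logins.
NON_LOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}

# Constructed sample input; only the TREASURE line is taken from the thread.
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/bin/false
malformed:line
TREASURE:x:1003:1003::/home/TREASURE:/bin/sh
"""


def parse_passwd(text):
    """Return a PasswdEntry for every well-formed seven-field record."""
    entries = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        # Skip blanks, comments and records with bad field counts or IDs.
        if len(fields) != 7 or not (fields[2].isdigit() and fields[3].isdigit()):
            continue
        name, pw, uid, gid, gecos, home, shell = fields
        entries.append(PasswdEntry(name, pw, int(uid), int(gid), gecos, home, shell))
    return entries


def interactive_accounts(entries):
    """Accounts whose shell allows a login; an empty shell field means /bin/sh."""
    return [e for e in entries if (e.shell or "/bin/sh") not in NON_LOGIN_SHELLS]


if __name__ == "__main__":
    for e in interactive_accounts(parse_passwd(SAMPLE)):
        print(f"{e.name}: uid={e.uid} home={e.home} shell={e.shell}")
```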