This lab uses a serialization-based session mechanism and the Ruby on Rails framework. There is a documented exploit that enables remote code execution via a gadget chain in this framework.
To solve the lab, find a documented exploit and adapt it to create a malicious serialized object containing a remote code execution payload. Then, pass this object into the website to delete the morale.txt file from Carlos's home directory.
rm /home/carlos/morale.txt and run the script. This will generate a serialized object containing the payload. The output contains both a hexadecimal and a Base64-encoded version of the object.
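From the defender's side, the root cause is a session cookie that the server deserializes with Marshal. The Ruby code below is an added example, not part of the lab or of any Rails code: it flags cookie values that decode to a Marshal stream, and it shows a session format that verifies an HMAC and then parses JSON instead. The `body--hexmac` layout, the function names and the sample values are assumptions made for illustration.

```ruby
require "base64"
require "json"
require "openssl"

MARSHAL_HEADER = "\x04\x08".b # Marshal stream version 4.8

# Audit check: does this cookie value decode to a Ruby Marshal stream?
def marshal_cookie?(raw)
  value = raw.to_s.b.gsub(/%(\h\h)/) { $1.hex.chr } # undo percent-encoding
  payload = value.split("--", 2).first.to_s         # drop a "--signature" suffix if present
  Base64.strict_decode64(payload).start_with?(MARSHAL_HEADER)
rescue ArgumentError # not valid Base64
  false
end

# Constant-time comparison for MAC values.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Hardened session format (assumed layout): Base64(JSON) + "--" + HMAC-SHA256 hex.
def sign_session(data, secret)
  body = Base64.strict_encode64(JSON.generate(data))
  "#{body}--#{OpenSSL::HMAC.hexdigest("SHA256", secret, body)}"
end

# Verify the tag first, then parse as JSON. Marshal.load is never called,
# so attacker-supplied bytes cannot instantiate arbitrary classes.
def load_session(cookie, secret)
  body, mac = cookie.to_s.split("--", 2)
  return nil if body.nil? || mac.nil?
  return nil unless secure_equal?(mac, OpenSSL::HMAC.hexdigest("SHA256", secret, body))
  JSON.parse(Base64.strict_decode64(body))
rescue ArgumentError, JSON::ParserError
  nil
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: a benign Marshal-serialized session hash.
  legacy = Base64.strict_encode64(Marshal.dump({ "username" => "alice" }))
  puts "legacy cookie is Marshal: #{marshal_cookie?(legacy)}"
  signed = sign_session({ "username" => "alice" }, "constructed-secret")
  puts "signed cookie is Marshal: #{marshal_cookie?(signed)}"
  puts "verified session: #{load_session(signed, "constructed-secret").inspect}"
  puts "legacy cookie rejected: #{load_session(legacy, "constructed-secret").nil?}"
end
```
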