Overview:
The whole point of command injection is to inject and execute malicious commands specified by the attacker in the vulnerable application. Most of the time, web applications need to use backend programs or applications to their advantage in order to complete some functionality. This can prove to be disastrous because developers get lazy and don't take proper measures to secure their scripts. This most likely leads to their system being compromised (lel).
Example of poor, lazy coding:
Why is this a problem?
I'm glad you asked. In case you don't have any knowledge of PHP, this script accepts user input that is not sanitized, which is bad D: In a normal situation a user might go to a link like:
And it would display some example text:
Okay so all I have to do now is add a nice little semi-colon and a shell command to exploit this.
ls
The output would be something like:
How to perform an attack:
In the last section I showed you a basic example of how command injection works. Now we're gonna talk about different injections and how they're executed.
It's reasonable to assume that a developer with half a brain would filter out some of the most common forms of command injection, such as the semi-colon. Well, there are ways around that.
Here's some operators you can use:
Pipes
Example: |
Pipes allow the user to chain multiple commands together. A pipe redirects the output of one command straight to the next, so you can execute unlimited commands by chaining them with multiple pipes. Cool? Yes.
Inline commands
Example: ; and $
Here you find the semi-colon in the original example. Adding a semicolon tells the command line to execute everything before the semicolon, then execute everything after like it's on a fresh command line.
Logical Operators
Example: $ and && and ||
These operators perform logical operations against the data, simple as that.
How they're used:
`shell_command` - executes the command
$(shell_command) - executes the command
| shell_command - executes the command and returns the output of the command
|| shell_command - executes the command and returns the output of the command
; shell_command - executes the command and returns the output of the command
&& shell_command - executes the command and returns the output of the command
> target_file - overwrites the target file with the output of the previous command
>> target_file - appends the output of the previous command to the target file
< target_file - sends the contents of target_file to the previous command
These are just a few examples of command injection vectors, get creative and use your imagination. If you have knowledge on the system you're exploiting, it shouldn't be hard.
Locate shell
ls -X
Access shell!
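Every operator in the list above only has an effect when the input is parsed by a shell. The following is an added example, not part of the original post, written in Python rather than PHP: it validates the parameter against an allowlist and passes it to a stand-in backend program as a single argv element with no shell involved. The sample inputs, the `BACKEND` stand-in and the function names are constructed for this example.

```python
import re
import subprocess
import sys

# Constructed sample inputs: each operator from the post attached to a
# harmless marker command.
SAMPLES = [
    "report.txt; echo INJECTED",
    "report.txt | echo INJECTED",
    "report.txt || echo INJECTED",
    "report.txt && echo INJECTED",
    "report.txt `echo INJECTED`",
    "report.txt $(echo INJECTED)",
    "report.txt > out.txt",
]

# Allowlist: only characters a plain file name needs. The first character
# may not be '-' or '.', which also blocks option injection and "..".
SAFE_NAME = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}")

# Stand-in for the backend program (assumption): echoes its first argument.
BACKEND = [sys.executable, "-c", "import sys; sys.stdout.write(sys.argv[1])"]


def is_safe_name(value: str) -> bool:
    """True only if the whole value matches the allowlist."""
    return SAFE_NAME.fullmatch(value) is not None


def run_without_shell(value: str) -> str:
    """Pass value as one argv element; no shell ever parses it."""
    result = subprocess.run(BACKEND + [value], capture_output=True,
                            text=True, check=True, timeout=10)
    return result.stdout


def handle(value: str) -> str:
    """Request handler sketch: validate first, then execute without a shell."""
    if not is_safe_name(value):
        return "rejected"
    return run_without_shell(value)


if __name__ == "__main__":
    for sample in SAMPLES:
        # The backend receives the operators as literal text.
        print(repr(run_without_shell(sample)), "->", handle(sample))
```

Validation and shell-free execution are independent layers: the allowlist rejects the input early, and the argv list keeps the operators inert even if validation is bypassed or relaxed later.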