Command injection is an attack in which operating-system commands are run directly through a web application. It is often found on websites that offer a ping (pingback) function: the feature becomes vulnerable when the user-supplied input is handed to the shell without being validated in the website's source code.
Here I will give examples of command injection in DVWA from the low level up to the high level. DVWA is recommended for beginners who want to learn the types of attacks against a website, or who want to get started with bug bounty: by understanding the attack types and how they work against DVWA, you can more easily understand why an attack succeeds against a target and build on it.
1. Low level command injection
In the source code that DVWA provides for the low level we can see the vulnerability directly: there is no validation of the shell's command separators, such as:
- &&
- ||
- ;
- ,
- etc
If you have used the command line on Linux or Windows, you will know that these separators let you run two or more commands at once. In DVWA you can use them for command injection like this:
<free IP> && dir (for Windows)
<free IP> && ls (for Linux)
The directory listing is then displayed like this:
The same vulnerability can also be used to obtain a shell, for example with netcat or a reverse TCP shell; you can use the reverse TCP shell command here.
2. Medium level command injection
At the medium level two separators are validated, && and ;, so we can no longer inject with those. But other separators still work, such as:
- &
- ||
- |
- ,
- etc
For example, you can use the command:
<free IP> & dir
This results in:
3. High level command injection
We can see that more of the command separators have been validated, but that does not mean they cannot be bypassed. Here we can write the separator directly against the command, with no space in between, which the command line still treats as valid, such as:
<free IP> |dir
The result then appears:
4. Impossible level command injection
At this level the only thing left to see is prevention: the source code validates the input correctly, which rules out command injection attacks.
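The difference between the medium level's filtering and the impossible level's prevention, as an added example (not DVWA's own PHP code): a blocklist that strips only the "&&" and ";" separators described above versus an allowlist that accepts nothing but a well-formed IPv4 address and then passes it to ping as a single argv element rather than a shell string. The sample inputs are constructed from the payload shapes discussed on this page.

```python
"""Ping-form input handling: separator blocklist vs. IPv4 allowlist."""
import ipaddress
import platform
from typing import Dict, List, Optional, Tuple

# Constructed sample inputs: one legitimate host, then the shapes of the
# payloads shown for the low, medium and high levels, and a malformed IP.
SAMPLE_INPUTS = [
    "127.0.0.1",
    "127.0.0.1 && ls",
    "127.0.0.1 & dir",
    "127.0.0.1 |dir",
    "127.0.0.1;ls",
    "127.0.0.1.1",
]

def blocklist_filter(target: str) -> str:
    """Medium-level style filter: removes only '&&' and ';' (assumption:
    exactly the two separators named above). Other separators pass through."""
    for bad in ("&&", ";"):
        target = target.replace(bad, "")
    return target

def validate_ipv4(target: str) -> Optional[str]:
    """Allowlist: return the canonical IPv4 address, or None if the input
    is anything other than a syntactically valid address."""
    try:
        return str(ipaddress.IPv4Address(target.strip()))
    except ipaddress.AddressValueError:
        return None

def build_ping_argv(target: str) -> Optional[List[str]]:
    """Build the ping command as an argv list, never a shell string, so a
    separator inside the target is just bytes in one argument."""
    ip = validate_ipv4(target)
    if ip is None:
        return None
    if platform.system() == "Windows":
        return ["ping", "-n", "4", ip]
    return ["ping", "-c", "4", ip]

def compare(inputs: List[str]) -> Dict[str, Tuple[str, Optional[str]]]:
    """For each input: what the blocklist lets through vs. the allowlist verdict."""
    return {s: (blocklist_filter(s), validate_ipv4(s)) for s in inputs}

if __name__ == "__main__":
    for raw, (filtered, ip) in compare(SAMPLE_INPUTS).items():
        print(f"{raw!r:20} blocklist -> {filtered!r:20} allowlist -> {ip}")
```

Only the first sample survives the allowlist; the "& dir" and "|dir" inputs pass the blocklist untouched, which is exactly why the medium and high levels remain exploitable.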