Thứ Ba, Tháng Hai 7, 2023
  • Home
  • Health
  • News
  • Software
  • Tech
  • Travel
  • Gen Z
NATuts
  • Home
  • Health
  • News
  • Software
  • Tech
  • Travel
  • Gen Z
No Result
View All Result
NATuts
  • Home
  • Health
  • News
  • Software
  • Tech
  • Travel
  • Gen Z
No Result
View All Result
NATuts
No Result
View All Result
Home Tech

How to exploit Command Injection error

18 Tháng Sáu, 2022
in Tech
0
How to exploit Command Injection error
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Các bài viết liên quan:

How to get travel insurance

Guide on how to get travel insurance with 4 options

24 Tháng Một, 2023
Software Asset Management for Websites: How to Keep Your Sites Running Smoothly

Software Asset Management for Websites: How to Keep Your Sites Running Smoothly

8 Tháng Một, 2023
5 Best Software to Stream Games

5 Best Software to Stream Games

2 Tháng Một, 2023
IBM Bridge To Cloud For Power

IBM Bridge To Cloud For Power- Everything You Should Know

2 Tháng Một, 2023
Top 10 CRM Software For Construction 

Top 10 CRM Software For Construction Enterprises All The Time

31 Tháng Mười Hai, 2022
What Is IBM Software

What Is IBM Software? 4 Business Segments at IBM You Should Know

26 Tháng Mười Hai, 2022

In this article, we will learn how to exploit Command Injection errors through the OsCommandInjection room on TryHackMe.

How to exploit Command Injection error

How to exploit Command Injection error

Command Injection is the abuse of an application to execute commands on the operating system using the same privileges as the program executing on the device.

  • Command Injection remains one of the top ten vulnerabilities in OWASP.

It is also known as “Remote Code Execution” (RCE) because an attacker can trick the application into executing a string payload provided by an attacker without direct access to the system itself (i.e. an interactive shell).

The web server will continue to process and execute the code under the “privilege” and “access control” of the person running the application.

  • Furthermore, due to the ability to execute code remotely within an application, these vulnerabilities are most commonly hunted by attackers because they allow attackers to actively communicate with vulnerable systems, allowing attackers to attack that reads system files, data, or other similar things.

command: whoami – It will list the victim’s account under which the application is operating as an example of command injection.

[Question 1.1] Read me!

Answer: No need to answer.

How to exploit Command Injection error 61

This vulnerability exists because applications frequently use functions in programming languages ​​such as PHP, Python, and NodeJS to pass data and make system calls on the machine’s operating system.

Example: Take input from a field and look for the entry in the file.

Examples of these functions:

  • This type of data is usually stored in a database, and that’s where the application collects user input to interact with the application’s operating system.

How to exploit Command Injection error 62

1) The application stores MP3 files in a folder present on the operating system.

2) User enters the name of the song they want to search. The application stores this input in the $title variable.

3) The data in this $title variable is passed to the grep command to search for a text file named songtitle.txt to type whatever the user wants to search for.

4) The search results of songtitle.txt will determine whether the app notifies the user that the song exists.

An attacker can take advantage of this program by issuing their own commands for it to execute. Instead of using grep to look for entries in songtitle.txt, an attacker could tell the application to read data from a more sensitive file.

How to exploit Command Injection error 63

1) The “flask” package is used to set up the web server

2) A function that uses the “subprocess” package to execute a command on the device

3) The web server will execute whatever command is provided. For example, to execute whoami, I just need to go to http://flaskapp.thm/whoami

[Câu hỏi 2.1] Which variable stores the user input in the above PHP code?

Answer: title

[Câu hỏi 2.2] What HTTP method is used to retrieve user submitted data in PHP script?

Answer: GET

[Câu hỏi 2.3] If I want to execute the id command in the Python script, I need to access route any?

Answer: /id

How to exploit Command Injection 64 . error

Applications that use user input to provide data to the system can often lead to unexpected behavior.

Shell operator:

first) ; = is functionally similar to “&&”, in that it does not require the first command to be executed successfully, which means that if the first command fails, the second will still run.

2) & = Because it is a background operator, the command will continue to run and you will be able to perform other tasks (that is, can run concurrently with the first command)

3) && = Symbolizes “and”, it will execute the second command after the first command is completed successfully, note that the first command MUST SUCCESS to run the second command.

In most cases, Command Injection can be detected in one of two ways:

  1. Blind Command Injection – When testing payloads, there is no direct output from the application and must analyze the behavior of the application to discover if your payload was successful.
  2. Verbose Command Injection – After you have checked the payload, the attacker will get an immediate response from the program. For example, you can use the “whoami” command to see what user the application is running as and the username will be displayed directly on the page.

Detect Blind Command Injection:

  • This method has to use payload, so it’s a bit time consuming.
  • If possible, force some output.

1) ping = The application will hang for x seconds, depending on how many pings you specify.

2) >= It is “redirector”, which means we can take the output of a command (such as “cat” to output a file) and redirect it somewhere else. Once redirected, we can use “cat” to read the contents of the newly created file.

3) whoami = Print the username corresponding to the current user id.

4) curl = This is a great approach for testing as it sends and receives data from an application in your payload.

Detect Verbose Command Injection:

  • One of the simplest methods is for the application to provide feedback or output about what is happening or being run.

ping hoặc whoami được hiển thị trực tiếp trên ứng dụng web

Useful Payloads:

[Câu hỏi 3.1] I will use payload What if I want to determine what user the application is running as?

Answer: whoami

[Câu hỏi 3.2] What popular networking tool would I use to check the capabilities blind command injection on a Linux machine?

Answer: ping

[Câu hỏi 3.3] I will use payload to check the Windows machine to put blind command injection enter?

Answer: timeout

How to exploit Command Injection error 67

We can avoid this vulnerability with a number of methods, from using potentially harmful functions or libraries in the programming language to filtering input without relying on user input.

Vulnerable functions:

• Exec
• Passthru
• System

In the example below, the program will only accept and process numbers entered into the form.

  • This means that commands like “whoami” will not be executed.

How to exploit Command Injection error 68

1. The application will only accept a specific character pattern (digits 0-9)

2. The application will then proceed to execute only this data, which is all numeric.

It should be noted that any program that uses these functions without doing a full check is vulnerable command injection.

Filter input:

  • This is one of the most effective methods to avoid command injection; it is a process of adjusting the formats or data types that users enter, by restricting the input characters that anyone is allowed to enter.

For example:

1) Accepts only numeric data

2) Remove any special characters like >, &, and /.

The following image illustrates how to use the PHP function “filter_input” to determine if the data provided via the input form is numeric.

How to exploit Command Injection error 69

Without using filters:

These filters will limit you to specified payloads; however, we can deprecate these filters by exploiting the logic of the application.

  • For example, a program might remove quotation marks ; using the hexadecimal value.

The example below demonstrates that, even if data is provided in a different format than expected, it can still be processed and produce the same result.

How to exploit Command Injection error 70

[Câu hỏi 4.1] What is the term for the process of “cleaning” the user input provided to an application?

Answer: sanitisation

How to exploit Command Injection error 71

Use “127.0.0.1” for localhost testing.

How to exploit Command Injection error 72

With the “localhost” test, we discovered a few things.

How to exploit Command Injection error 73

“& Dir” worked, showing that the victim was using “Windows” and not Linux.

How to exploit Command Injection error 74

Command Injection Cheatsheet:
– https://github.com/payloadbox/command-injection-payload-list

[Câu hỏi 5.1] As a user this application is running?

Since we know the victim is using “Windows”, we can use the shell operator “&” to find out which application is running.

How to exploit Command Injection error 75

Answer: www-data

[Câu hỏi 5.2] What is the content of the flag in /home/tryhackme/flag.txt?

Because the “&” operator is a vulnerable function and allows us to navigate directories, and since we can access “dir”, we just need to navigate to flag.

How to exploit Command Injection error 76

Finally, to read the file, we have to use “cat”, so instead of “dir”, we will use “cat”.

How to exploit Command Injection error 77

Answer: THM{COMMAND_INJECTION_COMPLETE}

So you already know how dangerous this vulnerability is.

Previous Post

Is the iPhone 12 waterproof?

Next Post

Soldiers from 4 countries go to Vietnam for Pacific Partnership

Megusta

Megusta

Related Posts

5 Best Software to Stream Games

5 Best Software to Stream Games

2 Tháng Một, 2023
Top 10 CRM Software For Construction 

Top 10 CRM Software For Construction Enterprises All The Time

31 Tháng Mười Hai, 2022
Instruction how to use OBS streaming software

Features, settings and how to use OBS streaming software through 9 simple steps

25 Tháng Mười Hai, 2022
What is Trans woman?  What is Transgender Women?

What is Trans woman? What is Transgender Women?

23 Tháng Mười Hai, 2022
Christmas gift: Genuine Windows 10 Pro for only $6.63 and Office 2021 for $14.22

Christmas gift: Genuine Windows 10 Pro for only $6.63 and Office 2021 for $14.22

22 Tháng Mười Hai, 2022
How to get 50 free coins of SkyJoy App to redeem

How to get 50 free coins of SkyJoy App to redeem

21 Tháng Mười Hai, 2022
Load More
Next Post
Soldiers from 4 countries go to Vietnam for Pacific Partnership

Soldiers from 4 countries go to Vietnam for Pacific Partnership

Trả lời Hủy

Email của bạn sẽ không được hiển thị công khai. Các trường bắt buộc được đánh dấu *

Bài viết mới

How to get travel insurance
Đời sống

Guide on how to get travel insurance with 4 options

24 Tháng Một, 2023
Software Asset Management for Websites: How to Keep Your Sites Running Smoothly
Phần mềm

Software Asset Management for Websites: How to Keep Your Sites Running Smoothly

8 Tháng Một, 2023
5 Best Software to Stream Games
Software

5 Best Software to Stream Games

2 Tháng Một, 2023
IBM Bridge To Cloud For Power
Software

IBM Bridge To Cloud For Power- Everything You Should Know

2 Tháng Một, 2023
Top 10 CRM Software For Construction 
Tech

Top 10 CRM Software For Construction Enterprises All The Time

31 Tháng Mười Hai, 2022
What Is IBM Software
Software

What Is IBM Software? 4 Business Segments at IBM You Should Know

26 Tháng Mười Hai, 2022
W3Schools

Ads

Contact: [email protected]

DMCA.com Protection Status

Categories

  • Android
  • Cạm bẫy tâm lí
  • Chưa được phân loại
  • Đồ họa
  • Đời sống
  • Gen Z
  • Health
  • iOS
  • Kĩ năng mềm
  • News
  • Nhà mạng
  • Phần mềm
  • Phần mềm đồ họa
  • Review sách
  • Software
  • Tech
  • Thiết kế ảnh
  • Thiết kế video
  • Thủ thuật
  • Travel
  • Văn hóa Nam Bộ
  • Văn học
  • Window

Browse by Tag

ai là triệu phú android Apple browser Bullet Journal bản thân chai pin Chỉnh ảnh data domain download fshare game game show giả lập màu hosting IKEA ios khuyến mãi kinh doanh kiến thức kiểm tra pin messenger miễn phí mua sắm Máy ảnh mạng network nghệ thuật ngôn ngữ nhà Trần pin laptop quảng cáo tiếng anh trạng thái Trần Thủ Độ tên miền tắt hoạt động từ vựng video viettel window 10 word zalo Đơn giản

Recent News

How to get travel insurance

Guide on how to get travel insurance with 4 options

24 Tháng Một, 2023
Software Asset Management for Websites: How to Keep Your Sites Running Smoothly

Software Asset Management for Websites: How to Keep Your Sites Running Smoothly

8 Tháng Một, 2023

Trang tin nóng hổi - vừa thổi vừa xem

No Result
View All Result
  • Home
  • Health
  • News
  • Software
  • Tech
  • Travel
  • Gen Z

Trang tin nóng hổi - vừa thổi vừa xem