Special Edition: Command injection
Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user-supplied data (forms, cookies, HTTP headers, etc.) to a system shell. In this attack, the attacker-supplied operating system commands are usually executed with the privileges of the vulnerable application. Command injection attacks are possible largely due to insufficient input validation.
In this release we would like to share with you 21 unique articles written by Web Application Penetration Tester, Mr. Shritam Bhowmick.
The entire document focused on ‘exploitation techniques’ that an application penetration tester or an attacker might use to take advantage of flaws in developer code or code design. We opted for ‘gaining a shell’ in various rigorous operating system environments using ‘PowerShell’, along with techniques to evade firewall filters, in the journey to obtain a shell on the target host machine, which ran an IIS web server and served an intentionally vulnerable web application. Our exploitation concluded with post-exploitation via enumeration of system privileges and other possible tasks that needed to be discussed. Techniques for using a covert shell in ASP were also covered as part of staying stealthy and invisible to web administrators, which is always an added advantage to penetration testers during an operational application penetration test on the target.
Page 6: Hack
Page 7: Command Injection or Shell Injection
Page 9: Shellcode Deliverance Scenario – Reverse Shell and Bind Shell
Page 11: Bind Shell – Binding a Shell with Installed Scripting Languages
Page 13: Reverse Shell – Establishing a Data Stream via TCP/IP Sockets
Page 26: Shell Injection v/s Remote Code Execution v/s Code Injection
Page 34: Command Injection Vulnerable Code using PHP ‘system()’ Function
Page 37: Exploiting Command Injection on PHP to Obtain Command Execution
Page 40: Obtaining a Shell via Arbitrary Command Execution on PHP Application
Page 44: Mitigating Vulnerable PHP Code Using Safe Escape Functions
Page 49: Secure Design PHP Code Implementation
Page 51: Command Injection Vulnerable Code Using WScript in Classic ASP
Page 57: Exploiting Command Injection on ASP to Obtain Command Execution
Page 69: Obtaining a Shell via Arbitrary Command Execution on ASP Application
Page 78: Post-Exploitation Using PowerShell via InvokeShell.ps1
Page 84: Mitigating Vulnerable ASP Code Using Safe API Functions
Page 87: OS Command Injection Using Intended Vulnerable Application
Page 96: Obtaining Shell via Telnet Service on Windows Platform
Page 110: Maintaining a Backdoor Access via Telnet using VSFTPD Set-up
Page 121: Covert ASP Shell for ASP based Backdoor on IIS Web-Servers
You may follow the author on LinkedIn.
A sample article from "Command Injection Compendium" is available in our Free Content bookmark.