Command Injection Attack (Demo)

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
7 hours 6 minutes
Difficulty
Intermediate
CEU/CPE
7
Video Transcription
00:00
Hey, everyone, welcome back to the course. So in this video, we're gonna perform a simple command injection attacks, so we'll just take a look at what that entails. And so we'll be using R. Kelly Lin Xbox again as well as we'll be using our medicine Pliable target machine.
00:15
So first things first, we wanna make sure that we can actually access that machines. We're just gonna ping it real quick again. It's the same I p address we've used throughout this course 10.0 dot 2.7. We see, we got a reply back, so we know we can access that. Next thing we're gonna do is open a Web browser inside of Cali
00:30
and we're gonna actually go to the the U R L of that machine. So we're gonna type in http
00:36
Colin ford slash ford slash and then r i p address, which is 10 0 to 7.
00:42
All right, so you see, we're able to access it, and the next thing we're gonna do is select the *** vulnerable Web application or the D V. W. A.
00:50
And here we're gonna type in our credentials, which are just admin. And then the password is password. All lower case.
00:56
Well, say log in and we're not going to save the credentials there, and it doesn't really matter, since we're in a VM. Anyways,
01:02
first thing we need to do is we need to actually go down to our D v W a security, and we need to lower this. So right now it's set too high for us to have success with this demonstration. We need to make it low, and we'll go ahead and just submit that there.
01:15
And once we've made that change, now we'll select command execution, and here we're gonna be entering in some various commands. We're gonna be using local host, though, for I r I p address. So we'll be using 1 27.0 dot 0.1. But I just want to show you some of the commands we can enter in there. And this is all
01:34
this command injection is where entering in characters that should not be allowed.
01:38
And it's allowing us to get some information back about the target. In this case again, we're just using the local host, so we just put in the local host I p address there and paying it. You'll see we get standard information back that we are able to reach that local host, which, of course, we wouldn't be able to do this lab if we could not access our local host.
01:57
So first thing we're just gonna dio here is type in the i p. Address again. We're gonna put the ampersand twice, and then we're gonna put ls
02:05
to list out the information. And you see, we're able to get some information about the target here about the, uh, files that are there. So we see the help file, the index file and a source file.
02:16
So we're gonna type in our same i P address again. We'll use an for Sands will also do the list,
02:23
and then we'll do a dash l. A command, and that's gonna show us some information about the directories that are available on our target.
02:30
So we'll go back in well, type in our I P address. We'll still use an for Sands again. Were able to get our name by putting in Who am I? So it's gonna tell us information about
02:38
so it's gonna give us information about our target so we'll go back to our box here. Type in the same I p address again. Now we're just gonna pipe
02:46
to try to get information, information about the user name.
02:50
And so, you see, you see here that the user name is Linux,
02:54
so I want to save some time here. I just selected the user name command. I type before just added the dash a flag. So that tells us a little bit more information. So we get the user name now that we can identify information about that target, for example, here we see it's been exploitable and it gives us some version information.
03:15
So now we're gonna take a look at PHP. So we're gonna type in our I P address will use an for san twice will type in PHP and then a dash lower case V for verbose, and you'll see here to tell us the information about the PHP version in use.
03:30
So again, all we're doing here is just gathering a different you know, information about that target server. So we're just using these various commands to try to get back information about, like the user name or the version of software or applications and use, and that will allow us to identify How can we actually gain access to that target machine?
03:51
Yeah, well, type in our cat command here, so we use I p address and for sand and for Sam Cat, and then we'll take a look at the password directory. So we're gonna try to get some information about passwords on this target machine.
04:04
And so you'll see here we're able to get information about route were able to see that information.
04:12
And so what this helps us do with our clients is it helps them understand. How are there? How is your web server vulnerable? Right. So how can it attacker gain information about their web server from the current settings? The current things that are open the directories that are open to, uh, public facing or that an attacker can get access to. So
04:30
this is just one way for us to show on the pen test report
04:33
what we confined
Up Next