You have not logged in. Access is limited, Please login to get full Access

OS Command Injection - L1

OS Command Injection, also known as Shell Injection, occurs when an attacker is able to inject and execute arbitrary operating system commands through a vulnerable web application or service. This happens when user input is improperly sanitized and is directly passed to the system’s shell for execution, allowing the attacker to gain control of the system and execute commands that could compromise the server or reveal sensitive data.

Task 1 OS Command Injection - Complete guide

Craw.in has launched a file management portal where users can ping an IP address to check connectivity. However, security researchers suspect that the system is vulnerable to OS command injection. Your goal is to exploit the vulnerability and gain unauthorized system access.

Answer The Questions

Challenge 1: Identifying the Vulnerability
Scenario:
The web application provides a simple input box where users enter an IP address to check connectivity. Internally, it runs the following command:
bash
ping -c 4 $user_input
If the application does not properly sanitize input, you can inject additional commands.
Question:
What input would you use to check if the system allows OS command execution?

Challenge 2: Listing System Users
Scenario:
After confirming the vulnerability, you want to list all system users on the server.
Question:
What command injection payload retrieves a list of users on a Linux system?

Challenge 3: Checking Network Configuration
Scenario:
You want to explore the server’s network settings.
Question:
What command injection payload retrieves network interface details on a Linux system?

Challenge 4: Finding Running Processes
Scenario:
Now, you want to check active processes running on the system.
Question:
What command injection payload lists all running processes?

Challenge 5: Extracting Sensitive Files
Scenario:
You suspect that the web application stores sensitive configuration files.
Question:
What command injection payload reads the shadow file containing password hashes?

Challenge 6: Gaining Reverse Shell Access
Scenario:
Now that you have control over command execution, you attempt to gain a reverse shell to the server.
Question:
What command injection payload establishes a reverse shell connection using bash?

Challenge 7: Deleting System Files
Scenario:
A malicious attacker might try to wipe the entire system using command injection.
Question:
What command injection payload deletes all files on the system?

OS Command Injection - L1

Task 1 OS Command Injection - Complete guide

Email Verification Required

Admin Panel