
Craw.in has launched a file management portal where users can ping an IP address to check connectivity. However, security researchers suspect that the system is vulnerable to OS command injection. Your goal is to exploit the vulnerability and gain unauthorized system access.
Challenge 1: Identifying the Vulnerability
Scenario:
The web application provides a simple input box where users enter an IP address to check connectivity. Internally, it runs the following command:
```bash
ping -c 4 $user_input
```
If the application does not properly sanitize input, you can inject additional commands.
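For comparison, here is how a handler could run the same `ping -c 4` without any shell parsing the input. This is an added example, not code from the challenge or from Craw.in; the function names `build_ping_argv`, `is_rejected` and `ping`, and the sample inputs, are assumptions made for illustration.

```python
import ipaddress
import subprocess

PING_COUNT = "4"  # same count as the page's `ping -c 4`


def build_ping_argv(user_input: str) -> list[str]:
    """Return an argv list for ping; raise ValueError unless input is a bare IP."""
    # ip_address() parses only a literal IPv4/IPv6 address. Hostnames, spaces,
    # shell metacharacters and a leading '-' all raise ValueError.
    addr = ipaddress.ip_address(user_input.strip())
    # Python 3.9+ accepts an IPv6 zone suffix ("%...") with almost no checks on
    # its content, so refuse scoped addresses instead of passing them through.
    if getattr(addr, "scope_id", None):
        raise ValueError("scoped IPv6 addresses are not accepted")
    # "--" ends option parsing, so the address can never be read as a flag.
    return ["ping", "-c", PING_COUNT, "--", str(addr)]


def is_rejected(user_input: str) -> bool:
    """True when the input would never reach ping."""
    try:
        build_ping_argv(user_input)
    except ValueError:
        return True
    return False


def ping(user_input: str) -> subprocess.CompletedProcess:
    """Run ping with a list argv; shell=False is the default, so nothing
    in the input is ever interpreted as shell syntax."""
    return subprocess.run(build_ping_argv(user_input), capture_output=True,
                          text=True, timeout=15, check=False)


if __name__ == "__main__":
    # Constructed sample inputs; "second-command" is a placeholder, not a command.
    samples = ["192.0.2.10", "2001:db8::1", "192.0.2.10; second-command",
               "-c", "fe80::1%eth0", "example.com", ""]
    for s in samples:
        print(f"{s!r:32} -> {'rejected' if is_rejected(s) else build_ping_argv(s)}")
```

Validation and the list-form argv are independent layers: either one alone stops the input from being parsed as shell syntax, and the handler above applies both.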
Question:
What input would you use to check if the system allows OS command execution?
Challenge 2: Listing System Users
Scenario:
After confirming the vulnerability, you want to list all system users on the server.
Question:
What command injection payload retrieves a list of users on a Linux system?
Challenge 3: Checking Network Configuration
Scenario:
You want to explore the server’s network settings.
Question:
What command injection payload retrieves network interface details on a Linux system?
Challenge 4: Finding Running Processes
Scenario:
Now, you want to check active processes running on the system.
Question:
What command injection payload lists all running processes?
Challenge 5: Extracting Sensitive Files
Scenario:
You suspect that the web application stores sensitive configuration files.
Question:
What command injection payload reads the shadow file containing password hashes?
Challenge 6: Gaining Reverse Shell Access
Scenario:
Now that you have control over command execution, you attempt to gain a reverse shell to the server.
Question:
What command injection payload establishes a reverse shell connection using bash?
Challenge 7: Deleting System Files
Scenario:
A malicious attacker might try to wipe the entire system using command injection.
Question:
What command injection payload deletes all files on the system?