⚡ Command Injection
⚡ OS Command Execution: Comprehensive guide to discovering and exploiting command injection vulnerabilities in web applications
Overview
Command Injection occurs when an attacker can execute arbitrary operating system commands on a server that is running an application. This vulnerability is typically the result of insufficient input validation and can lead to complete system compromise.
This module covers the complete spectrum of command injection attacks, from basic detection techniques to advanced exploitation methods and defensive measures.
Module Contents
Discovery & Detection
Input validation bypass techniques
Blind command injection detection
Time-based detection methods
Error-based identification
⚡ Exploitation Techniques
Basic command injection
Blind command injection
Filter bypass methods
Command chaining and separation
🛠️ Advanced Methods
Out-of-band exploitation
Data exfiltration techniques
Privilege escalation via command injection
Persistence mechanisms
🛡️ Defense & Prevention
Input validation best practices
Secure coding techniques
WAF configuration
System hardening
Learning Objectives
By completing this module, you will understand:
Fundamentals - How command injection vulnerabilities occur
Detection - Methods to identify injection points
Exploitation - Techniques to execute arbitrary commands
Bypasses - Methods to circumvent security controls
Impact - Real-world consequences and attack scenarios
Prevention - Secure development practices
Prerequisites
Basic understanding of web applications
Command line interface familiarity
HTTP request/response structure knowledge
Basic scripting knowledge (bash, Python)
Tools Used
Burp Suite - Request interception and modification
OWASP ZAP - Vulnerability scanning
curl/wget - Command line HTTP clients
nc (netcat) - Network connections and reverse shells
Custom scripts - Automated exploitation tools
Practical Applications
This module prepares you for:
Web Application Penetration Testing
Bug Bounty Hunting
Security Code Review
Incident Response
Secure Development
Module Structure
Each technique includes:
Theoretical background
Practical examples
Lab exercises
Real-world scenarios
Defense recommendations
Section Breakdown
OS command injection operators
URL encoding techniques
Cross-platform compatibility
Detection methodology
Front-end validation bypass
Web proxy usage (Burp Suite)
HTTP request modification
Initial command execution
AND/OR logic operators
Pipe and background execution
Newline and separator methods
Cross-injection operator reference
Application vs WAF detection
Blacklisted character discovery
Systematic filter testing
HTB Academy lab solutions
Tab character replacement
$IFS environment variable
Bash brace expansion
Alternative whitespace methods
Environment variable extraction (${PATH:0:1})
Windows character techniques
ASCII character shifting methods
Variable syntax alternatives
Bypassing Blacklisted Commands
Command obfuscation techniques
Quote injection methods (w'h'o'am'i)
Platform-specific bypasses
Advanced payload construction
Case manipulation techniques
Reversed command execution
Base64/hex encoding methods
WAF evasion strategies
Bashfuscator (Linux automation)
DOSfuscation (Windows automation)
Automated payload generation
Tool comparison and integration
Real-world web file manager scenario
Complete exploitation walkthrough
Multiple payload construction methods
Professional penetration testing methodology
🎯 Congratulations! You've mastered command injection attacks!