JTCyberTech / Cybersecurity-Home-Labs


1. What are Command Injection Vulnerabilities? #66

Open JTCyberTech opened 11 months ago

JTCyberTech commented 11 months ago

Mastering Command Injection Part 1

What is Command Injection?

Example: A vulnerable web application with no server-side validation, running on the web server.

How a normal user uses the web application: [ping IP Address: 127.0.0.1]



**If a malicious attacker gains access to the web application**: [ping IP Address with command injection: ```120.0.0.1 && cat /etc/passwd```]

- The attacker can run a "cat command" to output the contents of the /etc/passwd file.
- /etc/passwd is a world-readable file. Regardless of the user context in which the web application runs, the application can read the file if it is susceptible to command injection.
- The attacker submits the IP address together with the injected command.
- The server runs both commands and returns the ping (ICMP echo) output together with the output of the injected command.
- This allows the attacker to exfiltrate the information through the web application.



Types of Command Injection

- **In-band Command Injection**: The attacker executes commands on the host OS through a vulnerable application and receives the output of the command in the application's response.
- **Blind Command Injection**: The attacker executes commands on the host OS through a vulnerable application that does not return the output of the command within its HTTP response.

Impact of Command Injection Attacks

Unauthorized access to the application and host OS.

- Confidentiality: Command Injection can be used to view sensitive information.
- Integrity: Command Injection can be used to alter content in the application.
- Availability: Command Injection can be used to delete content in the application.

With Command Injection attacks, the attacker could run arbitrary commands. The attacker will gain remote code execution on the OS. This would affect the CIA triad at the highest level.
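
The ping example from the first section, as an added Python example that is not code from this repository. The function names and the `ping -c 1` invocation are assumptions; it shows how a POSIX shell splits the concatenated input into two commands, beside a hardened form that accepts only an IP literal and builds an argument list to be run without a shell.

```python
import ipaddress
import shlex

# Shell control operators that start a new command on the same line.
CONTROL_OPERATORS = {"&&", "||", ";", "|", "&"}

def vulnerable_command(ip_field):
    """Vulnerable pattern: form input concatenated into a shell command line
    (what would be handed to subprocess.run(..., shell=True))."""
    return "ping -c 1 " + ip_field

def commands_seen_by_shell(cmdline):
    """Group tokens into the separate commands a POSIX shell would run."""
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    commands, current = [], []
    for token in lexer:
        if token in CONTROL_OPERATORS:
            commands.append(current)
            current = []
        else:
            current.append(token)
    commands.append(current)
    return [c for c in commands if c]

def safe_ping_argv(ip_field):
    """Hardened pattern: server-side validation plus an argv list.
    ip_address() raises ValueError for anything that is not an IP literal,
    and the list is meant for subprocess.run(argv) with no shell involved."""
    addr = ipaddress.ip_address(ip_field.strip())
    return ["ping", "-c", "1", str(addr)]

if __name__ == "__main__":
    # Inputs taken from the page: the normal request and the injected one.
    for field in ("127.0.0.1", "120.0.0.1 && cat /etc/passwd"):
        print("input:", repr(field))
        print("  shell would run:", commands_seen_by_shell(vulnerable_command(field)))
        try:
            print("  hardened argv:  ", safe_ping_argv(field))
        except ValueError as err:
            print("  hardened form rejects input:", err)
```
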