☎️
Contrxl
  • 🏡Home
  • ❓Anonymity Tools
  • ⌨️Cisco
    • Networking Basics
      • Communication in a Connected World
      • Network Components, Types and Connections
      • Wireless and Mobile Networks
      • Home Networking Technologies
      • Communication Protocols
      • Network Media
      • The Access Layer
      • The Internet Protocol
      • IPv4 and Network Segmentation
  • 💾Intune
    • ADMX Configuration
    • App Deployment
    • App Updating/Patching
    • File Deployment
    • Remediations
  • 🎓Learning Links
  • 💻Microsoft
    • 📘Microsoft Portal Links
    • Configure SIEM Security Operations using Microsoft Sentinel
      • Create and Manage Microsoft Sentinel Workspaces
        • Introduction
        • Plan for the Microsoft Sentinel Workspace
        • Create a Microsoft Sentinel Workspace
        • Manage Workspaces Across Tenants Using Azure Lighthouse
        • Understand Microsoft Sentinel Permissions and Roles
        • Manage Microsoft Sentinel Settings
        • Configure Logs
  • 📰News & Information
  • 💡OSINT
    • IP & Domain OSINT
    • Email & Username OSINT
    • Vulnerability OSINT
  • 📚Projects
    • ‼️A Simulation Study of DDoS
  • ⚒️Tools
    • Burp Suite
      • Repeater
      • Intruder
      • Other Modules
    • GoPhish
    • Hydra
    • John the Ripper
    • Metasploit
      • Exploitation
      • Meterpreter
    • NMAP
    • Wireshark
  • 🖥️TryHackMe
    • Learning Paths
      • Complete Beginner
        • 1. Complete Beginner Intro
        • 2. Linux Fundamentals
        • 3. Introductory Networking
        • 3.1 Network Exploitation Basics
        • 4. OWASP Top 10 Exploits
        • 5. Upload Vulnerabilities
        • 5.1 An Example Methodology
        • 6. Cryptography - Hashing
        • 7. Cryptography - Encryption
        • 8. Active Directory Basics
        • 9. What the Shell?
        • 10. Linux Privesc
        • 11. More Linux Privesc
      • Jr Penetration Tester
        • Walking an Application
        • Content Discovery
        • Subdomain Enumeration
        • Authentication Bypass
        • IDOR
        • File Inclusion
        • SSRF
        • XSS (Cross-site Scripting)
        • Command Injection
        • SQL Injection
        • Passive Reconnaissance
        • Active Reconnaissance
        • Protocols and Servers
        • Protocol and Server Attacks
        • Vulnerabilities
        • Exploiting Vulnerabilities
        • Linux Privilege Escalation
        • Windows Privilege Escalation
      • CompTIA Pentest+
        • Planning and Scoping
          • Pentesting Fundamentals
          • Red Team Engagements
          • Governance and Regulation
        • Tools and Code Analysis
          • Metasploit: Introduction
          • Wireshark: The Basics
          • Burp Suite: The Basics
          • Hydra
          • Python Basics
        • Attacks and Exploits
          • Phishing
          • Windows Local Persistence
          • Breaching Active Directory
          • Lateral Movement & Pivoting
Powered by GitBook
On this page
  1. TryHackMe
  2. Learning Paths
  3. Jr Penetration Tester

Command Injection

Ninth section in Jr Penetration Tester learning path.

Introduction

Command Injection is the abuse of an application's behaviour to execute commands on the OS, using the same privileges that the application is running with. For example, if you had command injection on a web server running as "joe", then you would be able to execute commands with his permissions.

Command injection is often called RCE (Remote Code Execution) as it allows you to execute code directly in the application. For example, if you could run the command whoami in an application that would be an example of RCE.

Blind Command Injection

For this, you will need to use payloads that cause a time delay, for example, ping or sleep. Using ping, the application will hang for x seconds in relation to how many pings were specified. Another way to detect blind command injection is to force output, for example using >. We can tell the application to execute whoami and then redirect that to a file, and then use cat to read the file's contents.

Verbose Command Injection

This is where the application provides instant feedback or output about executed commands. For instance, running whoami would display the output on the web application.

Useful Linux Payloads

  • whoami : see what user the app is running under

  • ls : list contents of current directory

  • ping : invoke the app to hang

  • sleep : invoke the app to hang

  • nc : can be used to spawn a reverse shell on the app

Useful Windows Payloads

  • whoami : see what user the app is running under

  • dir : list contents of current directory

  • ping : invoke the app to hang

  • timeout : invoke the app to hang

Last updated 11 months ago

🖥️
  • Introduction
  • Blind Command Injection
  • Verbose Command Injection
  • Useful Linux Payloads
  • Useful Windows Payloads