Web Security Lab Part 2: Command Execution - Hsanokklis/2022-2023-Tech-journal GitHub Wiki

Summary: Learn how attackers can execute arbitrary commands via a web application and, potentially, gain a shell.

Windows Commands for the lab:

  • dir - Directory listing for Windows

  • date - displays the current date/lets you set a new date

  • hostname - displays hostname of the workstation

  • more - prints out contents of a file

  • find - finds a text string in files

  • cd - Change directory

  1. Select Command Injection

This is an application that will ping an IP address. However, this application is super flawed and allows commands to be added after the address.

  2. Enter your host machine address (this will demonstrate how the command is meant to be used)

  • Ping reply for my VM workstation

  3. Type in the command YOURIP && hostname

You should get the ping response and the hostname of the system running the application (&& lets us string commands together).

The hostname is at the bottom of the ping reply; it is DESKTOP-OFF2MOM.

  4. Type in the command YOURIP && dir

You should get the ping response, but also a directory listing from the server.

  5. Type in the command YOURIP && systeminfo

Using what you know so far and information from networking in general, try to find the following.

  • Find the MAC address of your playground.

I typed in the command 192.168.7.85 && ipconfig /all and I was able to find the MAC address.

  • Find the original install time & date.

  • Find BIOS version.

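Why the inputs in the steps above reach the shell, and how a ping form can be written so they do not, shown as an added example (not code from the lab application or from this journal). The function names, the operator list and the sample inputs are assumptions made for illustration.

```python
import ipaddress
import re

# Characters that let a second command ride along with the address.
# Constructed list for this example, not an exhaustive filter.
SHELL_OPERATORS = re.compile(r"[&|;`\n<>]|\$\(")


def vulnerable_command(user_input):
    """What a flawed ping page effectively does: paste the form field into
    one string that is later handed to the shell (cmd.exe /c on Windows)."""
    return "ping " + user_input


def hardened_argv(user_input):
    """Accept only a literal IPv4/IPv6 address and return an argument list.
    Run with subprocess.run(argv) and shell=False so no shell parses it."""
    try:
        addr = ipaddress.ip_address(user_input.strip())
    except ValueError:
        raise ValueError("not an IP address: %r" % user_input) from None
    return ["ping", "-n", "4", str(addr)]  # -n is the Windows ping count flag


def looks_like_injection(user_input):
    """Detection helper for request logs: flag fields carrying shell operators."""
    return bool(SHELL_OPERATORS.search(user_input))


# Constructed sample inputs, taken from the steps in this lab.
SAMPLES = ["192.168.7.85", "192.168.7.85 && hostname", "192.168.7.85 && ipconfig /all"]


def review(samples):
    """Return (input, flagged, verdict) for each sample."""
    results = []
    for s in samples:
        try:
            hardened_argv(s)
            verdict = "accepted"
        except ValueError:
            verdict = "rejected"
        results.append((s, looks_like_injection(s), verdict))
    return results


if __name__ == "__main__":
    for s, flagged, verdict in review(SAMPLES):
        print("%-32r shell sees: %-38r flagged=%s %s"
              % (s, vulnerable_command(s), flagged, verdict))
```

The hardened path does not try to strip dangerous characters; it accepts only input that parses as an address and never builds a shell string at all.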