1
00:00:00,520 --> 00:00:06,430
In this lecture, we are going to see what command injection is and how we can practice command injection

2
00:00:06,430 --> 00:00:07,900
on the DVWA app.

3
00:00:08,970 --> 00:00:12,690
We are going to solve all challenges of command execution on the.

4
00:00:16,170 --> 00:00:22,180
Some websites allow you to execute commands through a web interface, typically to generate some reports.

5
00:00:22,200 --> 00:00:28,020
DVWA provides a command execution module, which you can use to ping IP addresses.

6
00:00:28,440 --> 00:00:32,400
We are to find a way to execute other commands from the same text box.

7
00:00:33,510 --> 00:00:39,120
Now you should be on Kali Linux or Parrot OS in VMware or VirtualBox, or running natively on your PC.

8
00:00:42,520 --> 00:00:46,420
Now let's first solve the low difficulty command execution challenge.

9
00:00:48,080 --> 00:00:51,710
Go to settings and set the difficulty to low.

10
00:00:57,020 --> 00:01:00,800
We can use multiple ways to execute commands in the same text box.

11
00:01:01,040 --> 00:01:04,099
The following commands will work fine and will execute.

12
00:01:04,129 --> 00:01:08,990
You can see that we can even get a reverse shell, as shown in the last example.

13
00:01:14,360 --> 00:01:20,210
If we use the command with the ping command, we can get the list of files in the same folder.

14
00:01:24,540 --> 00:01:27,060
Now let's see what happens in the medium difficulty

15
00:01:27,720 --> 00:01:29,340
command execution challenge.

16
00:01:32,280 --> 00:01:33,330
In medium difficulty,

17
00:01:33,330 --> 00:01:36,300
some type of input sanitization is being performed.

18
00:01:37,490 --> 00:01:44,270
The ampersand and semicolon are blacklisted, but we can still use the pipe symbol to execute our commands.

19
00:01:46,310 --> 00:01:50,600
Now let's get an overview of high difficulty command execution.

20
00:01:53,810 --> 00:01:56,890
Now in this difficulty, even the pipe is blacklisted.

21
00:01:56,900 --> 00:01:59,540
But there is a typo, and the space is there.

22
00:01:59,870 --> 00:02:03,170
We can enter it without a space to get the same results.

23
00:02:08,789 --> 00:02:12,270
Now let's solve them on the actual application.

24
00:02:13,440 --> 00:02:17,100
First of all, set the difficulty of DVWA to low.

25
00:02:18,430 --> 00:02:20,230
Then go to the command injection module.

26
00:02:22,260 --> 00:02:24,630
Enter an address and click submit.

27
00:02:27,500 --> 00:02:29,180
We will get a ping response.

28
00:02:31,770 --> 00:02:36,060
Now, if we enter the same address with a double ampersand

29
00:02:37,580 --> 00:02:38,540
and a command,

30
00:02:38,540 --> 00:02:42,200
we will get the list of all files in the same folder as well.

31
00:02:43,860 --> 00:02:46,890
And we have successfully exploited our first vulnerability.

32
00:02:47,890 --> 00:02:52,090
Now let's see how we can use this vulnerability to get a reverse shell.

33
00:02:53,070 --> 00:02:59,220
First of all, start a netcat listener with the nc 9001 command.

34
00:03:01,100 --> 00:03:03,770
Now use the command as shown on the screen.

35
00:03:03,980 --> 00:03:07,220
We are using netcat to connect to our netcat listener.

36
00:03:09,030 --> 00:03:11,670
And you can see that we get a shell here.

37
00:03:11,670 --> 00:03:16,560
You can execute different types of commands like ls, whoami, etc.

38
00:03:21,280 --> 00:03:24,100
Now change the setting to medium.

39
00:03:28,410 --> 00:03:30,330
Go back to the command injection module.

40
00:03:33,200 --> 00:03:37,640
And if you try to run the same command, you will see that we will not get any results.

41
00:03:41,800 --> 00:03:43,330
If you look at the source,

42
00:03:45,430 --> 00:03:49,810
you will see that the double ampersand sign and the semicolon sign are blacklisted.

43
00:03:53,150 --> 00:03:56,210
Now you can use a pipe symbol to bypass this filter

44
00:03:57,790 --> 00:03:59,020
and get the results.

45
00:04:05,920 --> 00:04:07,810
Now set the security level to high

46
00:04:14,270 --> 00:04:16,130
and try to run the same command.

47
00:04:18,690 --> 00:04:20,279
We will not get any results.

48
00:04:22,740 --> 00:04:27,030
If you look at the source code this time, we will see that many symbols are blacklisted.

49
00:04:27,060 --> 00:04:29,610
But there is a typo in the pipe symbol,

50
00:04:34,990 --> 00:04:36,730
which has an extra space.

51
00:04:41,030 --> 00:04:45,050
So we can type the same command without spaces and we can get the results.

52
00:04:53,430 --> 00:04:59,730
So we have successfully completed the command execution challenges in all three difficulty modes.