THM — Jr Penetration Tester — Command Injection
Task1 — Introduction (What is Command Injection?)
Task2 — Discovering Command Injection
Answer the questions below
Q 1. What variable stores the user’s input in the PHP code snippet in this task?
Ans. — $title
Q 2. What HTTP method is used to retrieve data submitted by a user in the PHP code snippet?
Ans. — GET
Q 3. If I wanted to execute the id command in the Python code snippet, what route would I need to visit?
Ans. — /id
Task 3 — Exploiting Command Injection
Q 1. What payload would I use if I wanted to determine what user the application is running as?
Ans. — whoami
Q 2. What popular network tool would I use to test for blind command injection on a Linux machine?
Ans. — ping
Q 3. What payload would I use to test a Windows machine for blind command injection?
Ans. — timeout
Task 4 — Remediating Command Injection
Q 1. What is the term for the process of “cleaning” user input that is provided to an application?
Ans. — sanitisation
Task 5 — Practical: Command Injection (Deploy)
Q 1. What user is this application running as?
Ans. — Referring to the link below, I used these two payloads:
<!--#exec%20cmd="/usr/bin/id;-->
or |/usr/bin/id
https://github.com/payloadbox/command-injection-payload-list
Q 2. What are the contents of the flag located in /home/tryhackme/flag.txt?
Ans. — THM{COMMAND_INJECTION_COMPLETE}
Just use the payload — 127.0.0.1; cat /home/tryhackme/flag.txt
If you need an explanation of this, please comment and I will illustrate it.
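Why the Task 5 payload 127.0.0.1; cat /home/tryhackme/flag.txt works, and what the Task 4 answer (sanitisation) looks like in practice, shown side by side. This is an added Python example written for this write-up; it is not code from the TryHackMe room, and the vulnerable function only models the usual pattern of concatenating user input into a shell command string. The hostname regex, the SHELL_METACHARACTERS deny-list and all helper names are my own choices.

```python
import ipaddress
import re
import subprocess

# Deny-list of characters a shell uses to chain, pipe or substitute commands.
# Useful for logging and detection, but weaker than the allow-list below:
# the attacker only needs one character you forgot.
SHELL_METACHARACTERS = re.compile(r"[;&|`$<>\n\r(){}]")

# Allow-list for a hostname: 1-63 char labels of letters, digits and hyphens,
# not starting or ending with a hyphen, joined by dots, at most 253 chars.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
    r"(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)


def vulnerable_shell_command(host: str) -> str:
    """The vulnerable pattern: raw input is glued into one string that is
    later run with a shell. '127.0.0.1; cat /home/tryhackme/flag.txt' becomes
    two commands because the shell, not ping, parses the ';'."""
    return f"ping -c 1 {host}"


def looks_injected(host: str) -> bool:
    """Deny-list check: does the input contain any shell metacharacter?"""
    return SHELL_METACHARACTERS.search(host) is not None


def validate_host(host: str) -> str:
    """Allow-list sanitisation: accept only an IP address or a well-formed
    hostname and return it unchanged; reject everything else. The semicolon,
    space and slashes in the flag payload all fail both checks."""
    host = host.strip()
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        pass
    if HOSTNAME_RE.match(host):
        return host
    raise ValueError(f"rejected host value: {host!r}")


def build_ping_command(host: str) -> list[str]:
    """Hardened form: the validated value is one argv element passed directly
    to the ping binary, never to /bin/sh. Even if validation were bypassed,
    the input could only ever be a single argument to ping."""
    return ["ping", "-c", "1", validate_host(host)]


def run_ping(host: str, timeout_seconds: int = 5) -> bool:
    """Run the hardened command without a shell. The timeout also bounds the
    blind-injection trick of making the server sleep (Task 3: ping on Linux,
    timeout on Windows) so a slow request cannot tie up a worker."""
    result = subprocess.run(
        build_ping_command(host),
        shell=False,
        capture_output=True,
        timeout=timeout_seconds,
    )
    return result.returncode == 0


if __name__ == "__main__":
    payload = "127.0.0.1; cat /home/tryhackme/flag.txt"   # the Task 5 payload
    print("vulnerable string handed to the shell:", vulnerable_shell_command(payload))
    print("deny-list flags it:", looks_injected(payload))
    try:
        build_ping_command(payload)
    except ValueError as exc:
        print("allow-list rejects it:", exc)
    print("argv for a clean input:", build_ping_command("127.0.0.1"))
```

The ping itself is only run from the __main__ block and needs the ping binary on PATH; the validation and command-building functions work anywhere. Note that validate_host does the rejecting, so build_ping_command raises ValueError for the flag payload instead of ever forming a command from it.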
Task 6 — Conclusion