Injection hacking

From the below image you can see that when I tried to execute the HTML code in the name field , it drops it back as the plain-text as:. Click on the Go button to check for its generated Response. From the below image you can see that the developer implemented the function hack over at the name field. Click on the Forward button to check the result over on the browser. Contact here.

Skip to content Hacking Articles. Website Hacking. Wonder how to exploit this vulnerability? So I guess until now you might be having a clear vision with the concept of OS command injection and its methodology. In Command Injection, the attacker extends the default functionality of the application, which execute system commands, without the necessity of injecting code. Many times the developers set up a blacklist of the commonly used metacharacters i.

Therefore in order to bypass this blacklist, we need to try all the different metacharacters that the developer forgot to add. Burpsuite is considered as one of the best and the most powerful tool for web-penetration testing. Now I just need to manipulate the target by adding up some system commands i. In the last scenario, while bypassing the implemented blacklist, we were lucky that the developer had created and set up the list with the limited combination of metacharacters. But still, it took time, to check for every possible combination of the metacharacters.

Tune in you burp suite and start intercepting the request , as soon as you capture the ongoing request send the same to the intruder by simply doing a right-click on the proxy tab and choose the option to send to intruder.

Time to inject our dictionary, now move to the Payload tab and click on the load button in order to load our dictionary file. As soon as I fire up the Start Attack button, a new window will pop up with the fuzzing attack. From the below image, you can see that as soon as I clicked over the 11 th Request, I was able to detect the ls command running in the response tab. Sometimes fuzzing consumes a lot of time, and even it becomes somewhat frustrating while performing a command injection attack over it i.

You can learn more about Commix from here. Commix works on cookies. Fire up you Kali Terminal with commix and run the following command with the Referer, Cookie, and target values :. What if we could convert this commix shell into a meterpreter one? As we hit enter, it will ask us to choose whether we want a netcat shell or some other meterpreter one. Choose option 2 and hit enter again.

As our target server is running over the PHP framework, we will select option 8 i. When everything is done, it will provide us with a resource file with an execution command. Types: Boolean: Only correct queries show the result, wrong queries do not return anything. Obfuscate string to avoid pattern matching. Use Concatenation to confuse the IDS. Insert inline comments between query. What is Ethical Hacking? Who is an Ethical Hacker?