Hands-on Command Injection Attack (en)

From OnnoWiki

Setting Up the Environment:

Install the packages DVWA requires (Apache, MySQL, PHP):

sudo apt install apache2 mysql-server php libapache2-mod-php php-mysql

Configure Apache:

  • Create a new Apache configuration file (e.g., `dvwa.conf`) in `/etc/apache2/sites-available/`.
  • Add the following content to it:
<VirtualHost *:80>
    ServerName dvwa.local
    DocumentRoot /path/to/dvwa/

    <Directory /path/to/dvwa/>
         AllowOverride All
         Require all granted
    </Directory>
</VirtualHost>

Replace `/path/to/dvwa/` with the directory where DVWA is installed.

  • Enable the configuration:
sudo a2ensite dvwa.conf
  • Restart Apache:
sudo systemctl restart apache2

Configure MySQL:

  • Create the DVWA database:
mysql -u root -p
CREATE DATABASE dvwa;
  • Import the DVWA database schema:
mysql dvwa < /path/to/dvwa/dvwa.sql

Exploit Command Injection:

Access DVWA:

  • Open a web browser and go to `http://dvwa.local`.
  • Log in using the default credentials (`admin`/`password`).

Select the "Command Injection" Page:

  • Click the "Command Injection" link.

Identify Vulnerable Input:

  • The "Command Injection" page will display a form with a text input field. This input field is vulnerable to command injection.

Inject Command:

  • Enter the following payload in the text input field:
; cat /etc/passwd;

The `;` characters are shell command separators, so the shell runs `cat /etc/passwd` as an additional command and displays the contents of the `/etc/passwd` file.

Submit Form:

  • Click the "Submit" button.

If the attack is successful, we will see the contents of `/etc/passwd`.
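
Why the payload works, and how the input should be handled instead, shown as an added example that is not part of the original page or of DVWA's code. It assumes the form passes its input to a shell command line; `echo` stands in for the real tool so the example runs offline, and the function names and sample inputs are constructed for illustration.

```python
import ipaddress
import subprocess

# Assumption: "echo" stands in for the tool the web form wraps.
TOOL = "echo"


def run_vulnerable(user_input: str) -> str:
    """Before: the input is concatenated into a shell command line."""
    cmd = f"{TOOL} target: {user_input}"
    # shell=True hands the whole string to /bin/sh, which honours ';'
    # as a command separator, so extra commands in the input are executed.
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_hardened(user_input: str) -> str:
    """After: validate the expected type, then execute without a shell."""
    try:
        addr = ipaddress.ip_address(user_input.strip())
    except ValueError:
        raise ValueError("input is not an IP address") from None
    # argv list, no shell: the value is one argument and is never parsed
    # as shell syntax.
    argv = [TOOL, "target:", str(addr)]
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout


# Constructed inputs. MARKER_PAYLOAD has the same shape as the page's payload,
# with a harmless marker command in place of `cat /etc/passwd`.
BENIGN = "192.0.2.10"
MARKER_PAYLOAD = "; echo INJECTED;"
PAGE_PAYLOAD = "; cat /etc/passwd;"

if __name__ == "__main__":
    print("vulnerable, benign :", run_vulnerable(BENIGN).splitlines())
    print("vulnerable, payload:", run_vulnerable(MARKER_PAYLOAD).splitlines())
    print("hardened, benign   :", run_hardened(BENIGN).splitlines())
    for payload in (MARKER_PAYLOAD, PAGE_PAYLOAD):
        try:
            run_hardened(payload)
        except ValueError as exc:
            print("hardened rejected  :", repr(payload), "->", exc)
```
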

Additional Notes:

  • We can experiment with other payloads to explore various vulnerabilities.
  • Always use a controlled environment with explicit permission from the system owner.
  • Remember that exploiting vulnerabilities on systems without the owner's permission is illegal and unethical.
