Hands-on Command Injection Attack (en)
Setting Up the Environment:
Install DVWA:
- Download the DVWA ZIP file from [the DVWA GitHub repository](https://github.com/digininja/DVWA).
- Extract it to a directory on the Ubuntu server.
- Install dependencies:
sudo apt install apache2 mysql-server php libapache2-mod-php php-mysql
Configure Apache:
- Create a new Apache configuration file (e.g., `dvwa.conf`) in `/etc/apache2/sites-available/`.
- Fill it with:
<VirtualHost *:80>
    ServerName dvwa.local
    DocumentRoot /path/to/dvwa/
    <Directory /path/to/dvwa/>
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>
Replace `/path/to/dvwa/` with the path/directory of DVWA.
- Enable the configuration:
sudo a2ensite dvwa.conf
- Restart Apache:
sudo systemctl restart apache2
Configure MySQL:
- Create the DVWA database:
mysql -u root -p -e "CREATE DATABASE dvwa;"
- Import the DVWA database schema:
mysql -u root -p dvwa < /path/to/dvwa/dvwa.sql
Exploit Command Injection:
Access DVWA:
- Open a web browser and go to `http://dvwa.local`.
- Log in using the default credentials (`admin`/`password`).
Select the "Command Injection" Page:
- Click the "Command Injection" link.
Identify Vulnerable Input:
- The "Command Injection" page will display a form with a text input field. This input field is vulnerable to command injection.
Inject Command:
- Enter the following payload in the text input field:
; cat /etc/passwd;
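The leading `;` ends the command the application meant to run, so the shell treats what follows as a separate command. The payload will therefore execute the `cat` command to display the contents of the `/etc/passwd` file.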
Submit Form:
- Click the "Submit" button.
If the attack is successful, we will see the contents of `/etc/passwd`.
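Why the `;` payload works and how the same input is neutralized, shown as an added Python example that is not part of the original page or of DVWA's code. It assumes the form value is appended to a shell command line; `echo checking` stands in for the real utility, and the function names and the marker payload are constructed for illustration.

```python
import ipaddress
import subprocess

# Constructed payload with the same shape as the one on this page, but it
# only prints a marker instead of reading a file.
PAYLOAD = "; echo INJECTED;"


def run_vulnerable(target: str) -> str:
    """Flawed pattern: user input concatenated into a shell command line."""
    # `echo checking` stands in for the real utility (assumption, runs offline).
    cmd = "echo checking " + target
    done = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return done.stdout


def run_no_shell(target: str) -> str:
    """Argument-vector call: no shell parses the input, so `;` is just data."""
    done = subprocess.run(["echo", "checking", target],
                          capture_output=True, text=True)
    return done.stdout


def run_hardened(target: str) -> str:
    """Allowlist validation first, then the shell-free call."""
    try:
        addr = ipaddress.ip_address(target.strip())
    except ValueError:
        raise ValueError("rejected: input is not an IP address") from None
    return run_no_shell(str(addr))


if __name__ == "__main__":
    print(repr(run_vulnerable(PAYLOAD)))   # marker appears on its own line
    print(repr(run_no_shell(PAYLOAD)))     # payload echoed back literally
    print(repr(run_hardened("127.0.0.1")))
    try:
        run_hardened(PAYLOAD)
    except ValueError as exc:
        print(exc)
```

The vulnerable call runs two commands because the shell splits on `;`, while the argument-vector call hands the whole string to one process as a single argument.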
Additional Notes:
- We can experiment with other payloads to explore various vulnerabilities.
- Always use a controlled environment with explicit permission from the system owner.
- Remember that exploiting vulnerabilities is illegal and unethical.