Command Injection
easy · 25 min · tryhackme
Learn about OS command injection — how applications that pass user input to system commands can be exploited to execute arbitrary commands on the server. Covers both verbose (output displayed) and blind (no output) command injection, common payloads for Linux and Windows, input sanitization defenses, and a practical exercise exploiting a network diagnostic tool (ping) to read sensitive files as www-data.
Skills You Will Learn
- command-injection
- os-command-injection
- input-validation
- blind-injection
Prerequisites
- thm-walkinganapplication
- web-manual-testing
Walkthrough Phases
1. Understanding Command Injection: Learn how OS command injection works
2. Practical Command Injection: Exploit a real command injection vulnerability
11 questions to answer
alienrecon start thm-oscommandinjection