Using custom HTML/PHP, learn how command injection can be achieved to gain access to a web server. Learn to achieve shell access using the gwee tool.
- [Instructor] I've scripted up a PHP-based web page on Metasploitable called commandget.php. It's in the folder /var/www, and we'll use this to demonstrate how we can inject arbitrary operating system commands into a web server. The purpose of the PHP script is to do an nslookup of the host and display the results. (typing) The script starts with an HTML header and web page heading followed by a PHP script to do the lookup. Note the isset command which ensures that if no host has been specified on the URL, the script just continues to display a form for the name server lookup.
Okay, let's run this. I'll browse to the Metasploitable page from IceWeasel. (typing) Okay, I'll submit the query with a default selection and we get the results for Amazon. I'll run it again and select Google. We can see on the URL the host name inserted. I'll add a semicolon to the end of the line and then append the ls command, and I'll send the URL to the server.
We've got back the lookup for Google, followed rather untidily by the listing…
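The pattern the transcript describes, shown beside a hardened form, as an added example that is not the course's commandget.php. All function names are hypothetical and the sample inputs are constructed; the script only builds and prints command strings, it does not execute them.

```php
<?php
// Added illustration; function names are hypothetical, sample inputs are constructed.

// Pattern described in the transcript: the "host" value from the URL is
// appended to the nslookup command line, so the shell parses whatever follows.
function build_unsafe_command(string $host): string
{
    return 'nslookup ' . $host;
}

// One DNS label: letters, digits, inner hyphens, 1 to 63 characters.
const LABEL = '[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?';

// Allow-list check: dot-separated labels only, 253 characters at most.
// The D modifier stops "$" from matching before a trailing newline.
function is_valid_hostname(string $host): bool
{
    return strlen($host) <= 253
        && preg_match('/^' . LABEL . '(?:\.' . LABEL . ')*$/D', $host) === 1;
}

// Hardened command line: rejected unless valid, and quoted as a single argument.
function build_safe_command(string $host): ?string
{
    if (!is_valid_hostname($host)) {
        return null;
    }
    return 'nslookup ' . escapeshellarg($host);
}

// Alternative that never starts a shell: resolve inside PHP.
function resolve_without_shell(string $host): array
{
    if (!is_valid_hostname($host)) {
        return [];
    }
    $addresses = gethostbynamel($host);   // returns false on failure
    return $addresses === false ? [] : $addresses;
}

// Constructed inputs: a plain name, the semicolon case from the transcript, an empty value.
foreach (['www.google.com', 'www.google.com;ls', ''] as $sample) {
    printf("input:  %s\n", var_export($sample, true));
    printf("unsafe: %s\n", build_unsafe_command($sample));
    printf("safe:   %s\n\n", build_safe_command($sample) ?? '(rejected)');
}
```

Validation carries the weight here: the allow-list rejects the semicolon input before any command line is built, and `escapeshellarg` is a second layer for the case where a shell call cannot be avoided.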
Note: The topics in this course will prepare you for key objectives on the Certified Ethical Hacker exam. Find an overview of the certification and the exam handbook at https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/.
- Dissecting HTTP/HTTPS protocol
- Working with WebSockets
- Understanding cookies
- Installing testing tools such as Hacme Casino and the Vega Scanner
- Running web application tests
- Practicing your skills
Skill Level Intermediate
Ethical Hacking: Denial of Service (2016) with Malcolm Shore, 1h 27m, Intermediate
1. Introduction to Web
2. Getting Ready to Test
3. Running Basic Web Application Tests
4. Advanced Web Application Tests
5. Practicing Your Skills
What's next (1m 11s)