Using custom HTML/PHP, learn how command injection can be achieved to gain access to a web server. Learn to achieve shell access using the gwee tool.
- [Instructor] I've scripted up a PHP-based web page…on Metasploitable called commandget.php.…It's in the folder /var/www,…and we'll use this to demonstrate how we can inject…arbitrary operating system commands into a web server.…The purpose of the PHP script is to do an nslookup…of the host and display the results.…(typing)…The script starts with an HTML header in web page heading…followed by a PHP script to do the lookup.…Note the is set command which ensures…that if no host has been specified on the URL,…the script just continues to display a form…for the name server lookup.…
Okay let's run this.…I'll browse to the Metasploitable page from IceWeasel.…(typing)…Okay, I'll submit the query with a default selection…and we get the results for Amazon.…I'll run it again and select Google.…We can see on the URL the host name inserted.…I'll add a semicolon to the end of the line…and then append the LS command,…and I'll send the URL to the server.…
We've got back the lookup for Google,…followed rather untidily by the listing…
Note: The topics in this course will prepare you for key objectives on the Certified Ethical Hacker exam. Find an overview of the certification and the exam handbook at https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/.
- Dissecting HTTP/HTTPS protocol
- Working with WebSockets
- Understanding cookies
- Installing testing tools such as Hacme Casino and the Vega Scanner
- Running web application tests
- Practicing your skills