Hands-on Command Injection Attack (en)

Setting Up the Environment:

Install DVWA:

• Download the DVWA ZIP file from [1](https://github.com/digininja/DVWA).
• Extract it to a directory on the Ubuntu server.
• Install dependencies:

sudo apt install apache2 mysql-server php libapache2-mod-php php-mysql

Configure Apache:

• Create a new Apache configuration file (e.g., `dvwa.conf`) in `/etc/apache2/sites-available/`.
• Fill it with

<VirtualHost *:80>
    ServerName dvwa.local
    DocumentRoot /path/to/dvwa/

    <Directory /path/to/dvwa/>
         AllowOverride All
         Require all granted
    </Directory>
</VirtualHost>

Replace `/path/to/dvwa/` with the path/directory of DVWA.

• Enable the configuration:

sudo a2ensite dvwa.conf

• Restart Apache:

sudo systemctl restart apache2

Configure MySQL:

• Create the DVWA database:

mysql -u root -p
CREATE DATABASE dvwa;

• Import the DVWA database schema:

mysql dvwa < /path/to/dvwa/dvwa.sql

Exploit Command Injection:

Access DVWA:

• Open a web browser and go to `http://dvwa.local`.
• Log in using the default credentials (`admin`/`password`).

Select the "Command Injection" Page:

• Click the "Command Injection" link.

Identify Vulnerable Input:

• The "Command Injection" page will display a form with a text input field. This input field is vulnerable to command injection.

Inject Command:

• Enter the following payload in the text input field:

; cat /etc/passwd;

The payload will execute the `cat` command to display the contents of the `/etc/passwd` file.

Submit Form:

• Click the "Submit" button.

If the attack is successful, we will see the contents of `/etc/passwd`.

Additional Notes:

• We can experiment with other payloads to explore various vulnerabilities.
• Always use a controlled environment with explicit permission from the system owner.
• Remember that exploiting vulnerabilities is illegal and unethical.

Interesting Links

• Forensic: IT