Book Image

KALI LINUX NETWORK SCANNING COOKBOOK

Book Image

KALI LINUX NETWORK SCANNING COOKBOOK

Overview of this book

Table of Contents (16 chapters)
Kali Linux Network Scanning Cookbook
Credits
About the Author
About the Reviewers
www.PacktPub.com
Disclaimer
Preface
Index

Validating command injection vulnerabilities with HTTP traffic


Command injection is likely the most dangerous of all known web application attack vectors. Most attackers seek to exploit vulnerabilities in hope that they will ultimately find a way to execute arbitrary commands on the underlying operating system. Command-execution vulnerabilities provide that capability without any additional steps. In this recipe, we will discuss how to use web server logs or custom web service scripts to confirm command-execution vulnerabilities.

Getting ready

To perform command-injection testing against a target using HTTP request confirmation, you will need to have a remote system that is running one or more web applications that are vulnerable to command injection. In the examples provided, an instance of Metasploitable2 is used to perform this task. Metasploitable2 has several preinstalled vulnerable web applications running on TCP port 80. For more information on setting up Metasploitable2, refer to the...