1 of 1

Java - Command Injection 4 (CMD-4)

Running the app on Docker

Now that the app is running let's go hacking!

Reconnaissance

When we start the application we can see that we can ping an adress.

Let's try to ping 127.0.0.1

We get back the output of the ping command which tell us this might be vulnerable to a command injection.

Exploitation

Let's try chaining commands

We get nothing back, maybe this application has a blacklist

We can see in this piece of code the app is removing certain dangerous characters in an attempt to avoid some kind of command injection. Unfortunately there are ways to bypass this blacklist approach. Let's try piping the commands:

And we have a command injection!

Additional sources

Java - Command Injection 4 (CMD-4)

Running the app on Docker

$ sudo docker pull blabla1337/owasp-skf-lab:java-cmd4

$ sudo docker run -ti -p 127.0.0.1:5000:5000 blabla1337/owasp-skf-lab:java-cmd4

Now that the app is running let's go hacking!

Reconnaissance

When we start the application we can see that we can ping an adress.

Let's try to ping 127.0.0.1

We get back the output of the ping command which tell us this might be vulnerable to a command injection.

Exploitation

Let's try chaining commands

We get nothing back, maybe this application has a blacklist

And we have a command injection!

Java - Command Injection 4 (CMD-4)

hashtagRunning the app on Docker

hashtagReconnaissance

hashtagExploitation

hashtagAdditional sources

Java - Command Injection 4 (CMD-4)

hashtagRunning the app on Docker

hashtagReconnaissance

hashtagExploitation

hashtagAdditional sources

Running the app on Docker

Reconnaissance

Exploitation

Additional sources

Running the app on Docker

Reconnaissance

Exploitation

Additional sources