Analysing Command Detected in Request Body


SOC168 — Whoami Command Detected in Request Body

What is Command Injection?

Command injection is a type of vulnerability that allows an attacker to execute arbitrary commands on the host operating system through a vulnerable application. It occurs when an application passes unsafe, user-supplied data (for example, form input) to a system shell without proper validation or sanitization. An attacker can use command injection to gain unauthorised access to sensitive data, execute malicious code, or disrupt the intended functionality of the application.

Example:

ls command injection that lists the contents of files and directories

ls command injection attack
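To make the mechanism above concrete, here is an added Python example (not code from the original article, and not from LetsDefend): a hypothetical "ping a host" feature written the vulnerable way, where the request value is concatenated into a shell command string, beside the hardened version, which validates the value against a hostname allowlist and passes it as a separate argv element so no shell ever parses it. The request values are constructed for the example.

```python
import re
import subprocess
from typing import List

# Constructed request values (not taken from the article): a benign hostname
# and the kind of payload the SOC168 alert describes, where a shell
# metacharacter appends a second command to the intended one.
BENIGN_INPUT = "example.com"
INJECTED_INPUT = "example.com; whoami"

# Characters a POSIX shell interprets as command separators or substitutions.
SHELL_METACHARS = re.compile(r"[;&|`$()<>\n]")


def build_shell_command_unsafe(host: str) -> str:
    """The vulnerable pattern: user input is concatenated into a command string
    that would then be handed to a shell (os.system, subprocess with
    shell=True, PHP system()/shell_exec(), ...). The string is only built and
    returned here, never executed, so the effect can be inspected: the shell
    would treat ';' as a separator and run the appended command."""
    return "ping -c 1 " + host


def contains_shell_metachars(value: str) -> bool:
    """True when the value carries characters that change how a shell parses
    the command line. Useful as a quick triage check on request parameters."""
    return SHELL_METACHARS.search(value) is not None


# Allowlist: DNS labels of letters, digits and hyphens, joined by dots.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def build_argv_safe(host: str) -> List[str]:
    """The hardened pattern: reject anything that is not a plain hostname,
    then return an argument vector in which the value is one argv element.
    Nothing in the list is ever interpreted by a shell."""
    if not HOSTNAME_RE.fullmatch(host):
        raise ValueError(f"rejected input: {host!r}")
    return ["ping", "-c", "1", host]


def run_safe(host: str) -> subprocess.CompletedProcess:
    """Execute the validated argv with shell=False; the arguments go straight
    to the program via execve, so ';' would be part of the hostname, not a
    separator (and is rejected before we get here anyway)."""
    return subprocess.run(
        build_argv_safe(host), shell=False, capture_output=True, text=True, timeout=5
    )


if __name__ == "__main__":
    print("unsafe command string:", build_shell_command_unsafe(INJECTED_INPUT))
    print("metachars in payload:", contains_shell_metachars(INJECTED_INPUT))
    print("hardened argv:", build_argv_safe(BENIGN_INPUT))
    try:
        build_argv_safe(INJECTED_INPUT)
    except ValueError as err:
        print("hardened handler:", err)
```

The point of the two builders is that the fix is structural, not a blocklist: even if a filter missed one metacharacter, the argv form gives the shell nothing to parse. The allowlist regex is there to reject junk early and to keep the error visible in application logs.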

How to detect command injection?

One way to detect command injection vulnerabilities in a web application is to search the source code for keywords that may indicate the use of system commands with unsanitized user input. Some keywords to look for include:

- “Whois”, “dir”, “ls”, “cp”, “cat”, “type”
- “System”, “etc”, “exec”, “shell_exec”
- “Whoami”
Detect Command Injection by using snort


Here is the generated alert,

Alert given by https://letsdefend.io/: the source IP address (61.177.172.87) attempted a “Whoami” command injection attack on Web server 1004 (172.16.17.16). Request URL: https://172.16.17.16/video/

Let’s check the source IP address:

VirusTotal

This IP address was flagged as malicious. Attackers have also carried out many attacks from this IP address.

AbuseIPDB

Let’s look into the Log Management:

There were several command injection attempts made by this attacker (61.177.172.87). All attempts were answered with HTTP status 200, with different HTTP response sizes. By checking the command line history on web server 1004, we can see that all the command injections made by the attacker were executed.

Command line history on Webserver1004
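The log review above turns on two observations: the request bodies carry shell separators followed by commands from the keyword list, and every request was answered 200 with a response size that varies by command. The following Python is an added example (not code from the article or from LetsDefend) that applies both checks to a handful of constructed log lines in a simplified one-line-per-request format (source IP, method, URL, status, size, quoted body) that is assumed for the example; it URL-decodes the URL and body first so an encoded separator such as %3B is not missed.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional
from urllib.parse import unquote_plus

# Constructed sample log lines (not the article's real log entries). The
# attacker's source IP is the one named in the alert; the other hosts are
# made-up internal clients sending benign requests to the same endpoint.
SAMPLE_LOG = """\
61.177.172.87 POST /video/ 200 1831 "q=test; whoami"
61.177.172.87 POST /video/ 200 2104 "q=test; ls -la"
61.177.172.87 POST /video/ 200 1902 "q=test%3B+cat+%2Fetc%2Fhostname"
10.0.0.5 POST /video/ 200 1780 "q=holiday trip"
10.0.0.9 GET /video/?q=cats+and+tools 200 1780 ""
61.177.172.87 POST /video/ 200 1831 "q=%3Bwhoami"
10.0.0.7 POST /video/ 200 1780 "comment=I like the type of video"
"""

# Assumed log layout: ip method url status size "body"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) (?P<method>\S+) (?P<url>\S+) (?P<status>\d{3}) (?P<size>\d+) "(?P<body>.*)"$'
)

# Commands from the article's keyword list that should never appear right
# after a shell separator, command substitution, or '=' in a request value.
COMMANDS = ("whoami", "ls", "cat", "cp", "dir", "type")
INJECT_RE = re.compile(
    r"(?:[;&|`\n=]|\$\()\s*(" + "|".join(COMMANDS) + r")\b", re.IGNORECASE
)


def injected_command(text: str) -> Optional[str]:
    """Return the command name found after a separator, or None. Requiring
    the separator keeps plain words such as 'cats' or 'tools' from matching."""
    match = INJECT_RE.search(unquote_plus(text))
    return match.group(1).lower() if match else None


def parse_line(line: str) -> Optional[dict]:
    """Parse one log line into a dict; return None for lines that do not fit."""
    match = LINE_RE.match(line)
    if not match:
        return None
    entry = match.groupdict()
    entry["status"] = int(entry["status"])
    entry["size"] = int(entry["size"])
    return entry


def scan_log(log_text: str) -> List[dict]:
    """Flag every request whose URL or body carries an injected command."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        command = injected_command(entry["url"]) or injected_command(entry["body"])
        if command:
            entry["command"] = command
            flagged.append(entry)
    return flagged


def summarize_by_source(flagged: List[dict]) -> Dict[str, dict]:
    """Per source IP: attempt count, the set of status codes, and the set of
    response sizes. All-200 with several distinct sizes is the pattern the
    analysis above treats as evidence that the commands were executed."""
    summary: Dict[str, dict] = defaultdict(lambda: {"count": 0, "statuses": set(), "sizes": set()})
    for entry in flagged:
        item = summary[entry["ip"]]
        item["count"] += 1
        item["statuses"].add(entry["status"])
        item["sizes"].add(entry["size"])
    return dict(summary)


if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for hit in hits:
        print(f'{hit["ip"]} {hit["method"]} {hit["url"]} -> {hit["command"]} ({hit["status"]}, {hit["size"]} bytes)')
    print(summarize_by_source(hits))
```

Note that the same payload produces the same response size (the two whoami requests both return 1831 bytes in the sample) while different commands return different sizes; on a real server a fixed-size error page for every attempt would instead suggest the injection failed. The separator-then-keyword regex is deliberately narrow; widen the command list to match your own environment and expect some false positives from the `=` case.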

Playbook Answers:

- Yes, we need Tier 2 escalation
- The attack was successful
- The direction of traffic: Internet to company network
- There is NO mail about the attack, so this is not a planned test
- This is a command injection attack
- It is malicious traffic
