Introduction to OS Command Injections

OS command injections are part of the OWASP Top 10 Web Application Security Risks, and as you will see in this course, this threat can result in serious damage if left unchecked. We start out by creating a safe and legal environment in which to perform attacks. Then, we cover the core concepts of command injections and learn about techniques that can be used to exploit vulnerable targets. After that, we go full-on offensive and perform manual injection attacks as well as automated attacks with a tool called Commix. Once we find vulnerabilities, we use MSFvenom and Weevely to generate and plant persistent backdoors that can be exploited to create shells, giving us access to the target server any time we want. After successfully attacking and compromising our targets, we take a step back and discuss defensive controls at the application layer. We also look at actual vulnerable code and show ways of fixing it to prevent injections. Since OS command injections can be used to exploit most systems running an operating system, such as web servers, IoT devices, office devices (e.g., printers), and more, this is an important threat to understand as an application developer or IT business leader.
Christophe · September 14, 2020

Duration: 1 hour 15 minutes

Difficulty: Beginner to Intermediate

Topics Covered:

  • Explore the threat of OS Command injections as listed by OWASP in their top 10 web risks (Injections)
  • Follow along as we attack applications legally & safely
  • Generate, upload, and use backdoor shells with MSFvenom and Weevely
  • Learn defensive controls that can be applied to your applications

Recommended pre-requisites:

  • Experience working with web applications
  • Experience with OS commands (Linux or Windows)

About Instructor

Christophe

17 Courses

Course Includes

  • 10 Lessons
  • 1 Quiz
  • Course Certificate