Introduction to OS Command Injections

Go from no prior knowledge of OS Command Injections to compromising applications and servers with this free ebook! You’ll learn core concepts, how to perform attacks manually and with automated tools, and how to generate and exploit persistent backdoor shells.

Then, you’ll learn security best practices to protect your own apps from becoming compromised by this threat.

This is an ebook version of our Introduction to OS Command Injections course.

What's Inside this Ebook?

Overview of OS Command Injections

In this chapter of the ebook, we start off by explaining what OS command injections are. We provide examples of how dangerous this vulnerability can be, the types of attacks that can be carried out if a vulnerability is found in your applications, and we provide a cheat sheet of helpful commands that get used in the following chapter to perform attacks.

Mounting OS command injection attacks

This chapter is all about performing OS command injection attacks! We spin up safe & legal pentesting environments, and then we go on the offense with manual and automated attacks (using Commix).

You will perform:

  • Information gathering
  • Time-based attacks
  • Redirecting output attacks
  • Extracting all OS users and attributes
  • Creating a reverse shell to compromise the app’s server
  • Generating and exploiting backdoor shells with Weevely and Metasploit Meterpreter for persistence
  • …and more!

Defenses against OS Command Injections

Once you are familiar with OS command injection concepts and you’ve performed attacks, it’s time to learn how to defend your applications from such a dangerous vulnerability.

In this chapter, you will:

  • Review vulnerable code examples
  • Learn 3 main defense options
  • View best practices in action

Author spotlight

Christophe Limpalair

After learning first-hand why Application Security was important in his early teens, Christophe spent a number of years training individuals and organizations (SMB & F500) on how to use cloud services efficiently. After his journey of building two successful IT businesses to acquisition in the last six years, he realized that most also struggle with building secure software, so he co-founded Cybr and wrote this ebook as well as a corresponding course to help make the world a more secure place.
