Let us continue with web application penetration testing. This is the first vulnerability that we are going to exploit, that is command execution, and we are going to use the Damn Vulnerable Web Application (DVWA). So it is command execution, or command injection.

Operating system command injection, also known as shell injection, is a security vulnerability that allows an attacker to execute arbitrary operating system commands on the server that is running an application, and typically fully compromise the application and all its data. Very often an attacker can leverage an operating system command injection vulnerability to compromise the entire hosting infrastructure, exploiting trust relationships to pivot the attack to other systems within the organization.

If you haven't got a clear idea of what this command execution is, we will right now head to our Linux machine and I will show you how to exploit command execution and what the command execution vulnerability is in web application penetration testing. So you need to do two things: start your Metasploitable machine and start your Kali machine as well. I will see you in a couple of minutes.

So as you can see, I have started Metasploitable by giving the username and password. Now you have to go to Kali and just log in to your Kali.

Now go to your browser, Mozilla Firefox, since we are going to launch DVWA from Metasploitable. We'll put the IP address of Metasploitable into the browser. So just open Firefox, and then head on to Metasploitable to check the IP address of the Metasploitable machine. Type ifconfig. You can see the IP address of my machine is 10.0.2.16. So minimize this, and then in the browser, in the address bar, type 10.0.2.16 and hit enter.

Metasploitable has opened. Click DVWA and log in with the default user, that is admin, and the password is password, all lowercase. You can see we have successfully logged into the DVWA application. Now make sure you practice all these practicals only in these machines. First, go to DVWA Security, change the security level to low, then click Submit, and now go to Command Execution.

Now here you can see the command execution page on the screen: the input box is asking us to enter an IP address so that it can ping it. So we will type the IP address of certifiedhacker.com, and in order to find it out, open the terminal window. We know how to find out an IP address: just type ping certifiedhacker.com and hit enter, then press Ctrl+C to terminate. You can see the IP address is 162.241.216.11. So just copy the IP address, go to your Firefox browser, paste the IP address and click Submit. Let us see what we get.

Oh, it is actually pinging the IP address, which our terminal just did now. So now, since we have to check this for a command execution vulnerability, you will first need to know how this works. So just enter a Linux command and let us see if it gets executed. Let us write pwd, that is present working directory, and hit enter. No, we didn't get anything, because it is asking for an IP address. Well, we should keep trying. So first type the IP address, then type a semicolon, and then type the command, and see if this works.

We have got two results. First is the ping of the IP address, and finally, at the bottom, we have got the present working directory in which this vulnerable page lives. Now you can see that the directory is exactly the same as the one you can see here. Let us try another command after pwd: type ls and let us see what we can get.

Well, this is also working. We have got three files: help, index.php and source. So this is how command execution is working, basically executing Linux commands on that server. And this is really a very crucial vulnerability, because if you are able to execute Linux commands, an attacker or a hacker can exploit the entire server by utilizing advanced Linux commands. So this is how we exploit, or how to check for, command execution. But obviously the security level of this machine, of this lab, was low. In the next lecture, we will see how to exploit the command execution vulnerability at the medium security level.
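The following Python example is added to this transcript and is not code from the course or from DVWA. It shows why "IP address, semicolon, command" works: the page builds one shell command string from the user's input, and the shell then runs everything after the semicolon as a second command. The assumption (not taken from the lecture) is that the low-security page does something equivalent to concatenating the input onto "ping -c 3 " and handing the string to a shell. The hardened functions beside it accept only a literal IP address and start ping with an argument list, so no shell ever parses the input; they also go a little beyond the lecture by treating &&, || and | the same way as the semicolon.

```python
import ipaddress
import shlex
import subprocess

# Shell operators that end one command and start another. The lecture uses ';',
# but '&&', '||', '|' and '&' split a command line the same way.
_SEPARATORS = {";", "&&", "||", "|", "&"}


def build_vulnerable_command(target: str) -> str:
    """Mimic the weak pattern: user input concatenated into a shell command string.

    Assumption (not from the page): the lab's low-security page runs something
    like 'ping -c 3 ' + user_input through a shell. This function only builds the
    string so we can inspect it; it never executes anything.
    """
    return "ping -c 3 " + target


def commands_a_shell_would_run(command_line: str) -> list[list[str]]:
    """Tokenise a command string the way a POSIX shell does and split it at
    command separators, returning one argv list per command that would run."""
    lexer = shlex.shlex(command_line, posix=True, punctuation_chars=True)
    commands: list[list[str]] = [[]]
    for token in lexer:
        if token in _SEPARATORS:
            if commands[-1]:
                commands.append([])
        else:
            commands[-1].append(token)
    return [argv for argv in commands if argv]


def safe_ping_argv(target: str) -> list[str]:
    """Hardened version: accept only a bare IPv4/IPv6 address and build an argv
    list, so the input is never interpreted by a shell. '10.0.2.16; pwd' is rejected."""
    try:
        addr = ipaddress.ip_address(target.strip())
    except ValueError:
        raise ValueError(f"refusing to ping {target!r}: not a bare IP address") from None
    return ["ping", "-c", "3", str(addr)]


def safe_ping(target: str, timeout: float = 15.0) -> str:
    """Run the hardened ping (argv list, shell=False is the default) and return its output."""
    result = subprocess.run(safe_ping_argv(target), capture_output=True, text=True, timeout=timeout)
    return result.stdout + result.stderr


if __name__ == "__main__":
    # Constructed sample inputs: the lecture's plain address, then two injections.
    for user_input in ["10.0.2.16", "10.0.2.16; pwd", "10.0.2.16 && ls"]:
        print(f"input {user_input!r}")
        print("  shell would run:", commands_a_shell_would_run(build_vulnerable_command(user_input)))
        try:
            print("  hardened argv:  ", safe_ping_argv(user_input))
        except ValueError as err:
            print("  hardened:       ", err)
```

The point of the argv form is that ping receives "10.0.2.16; pwd" as one literal argument and fails to resolve it, whereas the concatenated string is split by the shell into ping followed by pwd, which is exactly the second result the lecture observes at the bottom of the page. Validating the input as an IP address is the second layer: even if a shell were involved, nothing but digits, dots and colons would reach it.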