Command Injection Vulnerability | TryHackMe OWASP Top 10
Learn about command injection risks in cybersecurity with TryHackMe's OWASP Top 10 walkthrough. 🚀

Motasem Hamdan
17.8K views • Nov 25, 2020

About this video
🚀 Cyber Security Certification Notes
https://shop.motasem-notes.net/collections/cyber-security-study-notes
🚀OR Certification Notes with Cheat Sheets
https://buymeacoffee.com/notescatalog/extras
💡Cyber Security Notes | Membership Access
https://buymeacoffee.com/notescatalog/membership
🔥Download FREE Cyber Security 101 Study Notes
https://buymeacoffee.com/notescatalog/e/290985
****
In this video walkthrough, we covered the command injection vulnerability as part of the TryHackMe OWASP TOP 10 room.
*****
Receive Cyber Security Field Notes and Special Training Videos
https://www.youtube.com/channel/UCNSdU_1ehXtGclimTVckHmQ/join
**********
TryHackMe OWASP TOP 10
https://tryhackme.com/r/room/owasptop10
Writeup
https://motasem-notes.net/en/tryhackme-owasp-top-10/
********
Store
https://buymeacoffee.com/notescatalog/extras
Patreon
https://www.patreon.com/motasemhamdan
Instagram
https://www.instagram.com/motasem.hamdan.official/
Google Profile
https://maps.app.goo.gl/eLotQQb7Dm6aiL8z6
LinkedIn
[1]: https://www.linkedin.com/in/motasem-hamdan-7673289b/
[2]: https://www.linkedin.com/in/motasem-eldad-ha-bb42481b2/
Instagram
https://www.instagram.com/mastermindstudynotes/
Twitter
https://twitter.com/ManMotasem
Facebook
https://www.facebook.com/motasemhamdantty/
****
0:01 - Introduction to TryHackMe OWASP Top 10 Challenge
0:04 - Overview of Command Injection (Evil Shell)
0:18 - Understanding Command Injection and Input Fields
0:43 - Example of Vulnerable Input Field for Command Execution
1:09 - Source Code Analysis of the Command Injection Vulnerability
2:01 - Explanation of Pass-Through Function and Input Validation
2:53 - Demonstrating Active Command Injection
3:10 - Setting Up for Reverse Shell Exploitation
4:22 - Using PHP to Establish a Reverse Shell Connection
5:02 - Executing Reverse Shell and Confirming Connection
6:04 - Navigating the Website Root Directory
6:18 - Answering Challenge Questions: Strange Files and Users
6:50 - Identifying Non-Root, Non-Service, Non-Daemon Users
7:30 - Determining the Application’s Running User and Shell
8:15 - Finding the Version of Ubuntu on the Target Machine
9:25 - Viewing MOTD (Message of the Day) for Dr. Pepper Message
11:46 - Summary of OWASP Top 10 Topics Covered
12:04 - Preview of Remaining OWASP Vulnerabilities
12:12 - Conclusion and Upcoming Topics
Video Information
Views: 17.8K
Likes: 189
Duration: 12:20
Published: Nov 25, 2020