How to do a Command Injection Attack?

This article covers command injection in practice. Command injection was already introduced in our website hacking article.

Here we demonstrate command injection on localhost, because this attack cannot be shown on a live website.

We explain command injection in detail. The way we show the attack on our own setup is the same way it is carried out on a live website.

Note – This article is for educational purposes only. Don't misuse your knowledge and skills.


What is Command Injection?

As the name suggests, command injection means injecting a command into a targeted website to extract information from it or to compromise it.

In a command injection attack, the attacker collects information from the targeted website that has not been made public. The attack is only possible when the website has this vulnerability.

Using command injection, an attacker can also extract the database, but that requires in-depth knowledge of the technique. We demonstrate the attack in DVWA and bWAPP.

This attack is not the same as code injection. In code injection, attackers inject code they have written themselves into a website. In command injection, attackers use predefined commands.

When we run a program, we get its output. In the same way, when that program is run with some extra commands attached, the output contains more information.

All of this will become clear once you do the practical yourself. Whether it is command injection, Facebook hacking, WhatsApp hacking or any other kind of attack, everything depends on your practice.

How to do Command Injection?

We demonstrate this attack in DVWA and bWAPP. Setting up DVWA and bWAPP has already been covered earlier; you can refer to that as well.

First we perform the attack at DVWA's low security level. How to set the security level has also been covered earlier.

When you select Command Injection, you are shown a field asking you to enter an IP address.

DVWA


Here we have entered the localhost IP address, 127.0.0.1. After checking the connection this way, you can append a command, something like 127.0.0.1 & dir.

As we know, dir is used to list the files in a directory, the same way the ls command is used in Kali Linux. After giving the dir command, you can see that the directory listing is shown.

From these directories you can get into any file. We mention this because none of this information is publicly available, yet command injection exposes it.

When you extend the dir command like this, you get more detailed information. You can append a folder name to move into that folder as well. (127.0.0.1 & dir ..\..\csrf)


You can see that the contents of the csrf folder are collected this way. From here you can go further in. Once you have a directory, you can get into any file.

This is how files are reached: (127.0.0.1 & dir ..\..\csrf\index.php). The file can also be opened this way. This is how command injection works.

Here you can copy it to create a new file and open that as well. (127.0.0.1 & copy ..\..\csrf\index.php newfile) A file can be copied into a new one like this.

With the security level set to High or Medium, the attack has to be run like this: (127.0.0.1 | dir) or (127.0.0.1 || dir).
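Why the filtered security levels described above still let | and || through, and what a fix looks like, shown as an added example (not code from this article, DVWA or bWAPP). The denylist contents and all function names are assumptions made for illustration; the sample inputs are the ones quoted in this article.

```python
import ipaddress

# Constructed inputs: the benign value plus the payloads quoted in this article.
SAMPLES = [
    "127.0.0.1",
    "127.0.0.1 & dir",
    "127.0.0.1 | dir",
    "127.0.0.1 || dir",
    r"127.0.0.1 & dir ..\..\csrf",
]

# Hypothetical denylist, assumed for illustration (not DVWA's actual filter).
DENYLIST = ("&&", ";")

def denylist_filter(value):
    """Weak approach: delete a few known separators and trust the rest."""
    for token in DENYLIST:
        value = value.replace(token, "")
    return value

def shell_command_weak(value):
    """Vulnerable pattern: user input concatenated into one shell string."""
    return "ping " + denylist_filter(value)

def build_ping_argv(value):
    """Hardened pattern: accept only a literal IP address, then build an
    argument vector so that no shell ever parses the value."""
    try:
        addr = ipaddress.ip_address(value.strip())
    except ValueError:
        return None  # reject anything that is not exactly an IP address
    # Pass this list to subprocess.run(argv, shell=False). "-n 4" is the
    # Windows ping count flag, matching the Windows lab used in the article.
    return ["ping", "-n", "4", str(addr)]

def still_has_separator(command):
    """True if a shell would still see a command separator or pipe."""
    return any(ch in command for ch in "&|;")

def compare(samples=SAMPLES):
    """Return (input, weak command string, hardened argv or None) rows."""
    return [(s, shell_command_weak(s), build_ping_argv(s)) for s in samples]

if __name__ == "__main__":
    for raw, weak, argv in compare():
        print(f"{raw!r:32} weak={weak!r:36} hardened={argv}")
```

Every payload survives the denylist with a separator intact, while the allowlist check returns None for all of them and only the plain address reaches ping.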


BWAPP

Just as the command injection attack was demonstrated in DVWA, you can try it in bWAPP too.

First install bWAPP on your localhost; this has been covered earlier. After setting up bWAPP, select OS Command Injection.


Here you will find nsa.gov already written in the field. If you want, you can try the attack right there in that field. It works the same way as described for the DVWA security levels.

Here too, you can try the command injection attack according to the security level. Just as entering folders and copying files was shown in DVWA, you can do the same here.


Do all of this practice only in DVWA or bWAPP. You can also use it in OWASP. You can practise on any platform that was built for practising website hacking.

The Conclusion

We hope you now understand the OS command injection attack. All of this is presented practically for educational purposes.

Never misuse it. If you want to do bug bounty work, you can use these techniques there, but do not do any kind of illegal hacking.

Everything we cover here is taught in paid courses. But we know that not everyone can afford every course, so we will explain for free the same things that courses are built around and sold.

Just do not use any of it illegally. Use all of this to learn and to become an ethical hacker.

If you have any question, you can ask in the comments. We will help you fully. Don't forget to share our articles.

Thank you and Support Us

2 Comments

  1. Really amazing blog with amazing articles
    i am really impressed with your articles
    these are working
    n well explained step to step n really it is easy to follow u
    really
    i love ur blogs
    you r really doing a very amazing work
    thanks n keep it up

  2. This is very interesting, You’re a very skilled blogger. I have joined your feed and look forward to seeking more of your excellent posts. Also, I’ve shared your web site in my social networks!
