Sunday, December 4, 2011

DVWA - Command Execution: Medium, solved.


At low security, this task is pretty straightforward, especially if you've ever scheduled a cron job or had to join commands at the shell. Send in an IP and follow it up with either of the compound command operators we're familiar with, '&&' or ';'. Success.


At medium security, DVWA makes it a tad more difficult by stripping out those familiar operators. However, if we feed it an IP that doesn't respond to ICMP, ping exits with a non-zero status ($? != 0). Perfect time to append a double pipe - '||' - to the address. By doing this, we can direct the shell to execute the command(s) to the right of the pipes.

Quick background - the double pipe tells the shell to execute command2 only if command1 returns with a failure:

command1 || command2

Here's a practical example:

sh-3.2$ cat non_existent_file || echo "File not found"
cat: non_existent_file: No such file or directory
File not found

Whereas if we use '&&':

sh-3.2$ cat non_existent_file && echo "File not found"
cat: non_existent_file: No such file or directory

Notice that the 'echo' command does not get executed. For further info, look up "compound commands".


Edit - apparently you can also just use a single pipe. Makes sense.
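
Seen from the defender's side, this is why the medium filter fails and what a fix looks like. The sketch below is an added example, not part of the original post and not DVWA's own source: it models the filter as described above (strip '&&' and ';') next to an allowlist check that never builds a shell string. The function names, ping flags and sample inputs are constructed for illustration.

```python
import ipaddress

# Model of the filter as the post describes it: the two familiar
# operators are stripped, everything else passes through untouched.
BLACKLIST = ("&&", ";")

def blacklist_filter(target):
    for token in BLACKLIST:
        target = target.replace(token, "")
    return target

def shell_string(target):
    # Weak pattern: filtered input concatenated into a shell command line.
    return "ping -c 4 " + blacklist_filter(target)

def safe_argv(target):
    # Hardened pattern: accept only a literal IP address (ValueError otherwise)
    # and return an argv list to run without a shell, so operators mean nothing.
    addr = ipaddress.ip_address(target.strip())
    return ["ping", "-c", "4", str(addr)]

# Constructed sample inputs (192.0.2.0/24 is a documentation range).
SAMPLES = [
    "192.0.2.1",
    "192.0.2.1 && echo test",
    "192.0.2.1; echo test",
    "192.0.2.1 || echo test",
    "192.0.2.1 | echo test",
]

def audit(samples):
    """Return (input, operator survives blacklist, accepted by allowlist)."""
    rows = []
    for s in samples:
        survives = any(op in shell_string(s) for op in ("|", "&", ";"))
        try:
            safe_argv(s)
            accepted = True
        except ValueError:
            accepted = False
        rows.append((s, survives, accepted))
    return rows

if __name__ == "__main__":
    for row in audit(SAMPLES):
        print(row)
```

The argv list from safe_argv() is meant to be handed to subprocess.run() with the default shell=False, so the address is only ever a single argument to ping.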