OS Injection - Learning section
The Portswigger Web Academy
Link: OS command injection
After the activity
You now know:
- What OS command injection is.
- Execute arbitrary commands.
- Linux useful commands.
- Windows useful commands.
- What blind OS command injection vulnerabilities are.
- How to detect blind OS command injection using time delays.
- Exploit blind OS command injection by redirecting output.
- Many ways of injecting OS commands.
Try Hack Me - Injection
In Try Hack Me we are going to use the Injection room. It's a great place to practice and learn, it has a nice site to practice with.
Link: Injection
After the activity
You reviewed:
- Command injection vulnerability.
- Blind Command Injection.
- Active command Injection.
PayloadAllTheThings
Also remember that you can always visit PayloadAllTheThings if you need a payload or a brief explanation.
Link: Command Injection