Video walk-through: Command Injection Vulnerability Explained TryHackMe Junior Penetration Tester, part of the website penetration testing course, presented by the Motasem Hamdan channel. Video number 10, free, accredited, online.
In this video walk-through, we covered the command injection vulnerability and how input sanitisation and validation are critical in preventing its exploitation.
Challenge Answers
https://motasem-notes.net/command-injection-vulnerability-tryhackme-junior-penetration-tester/
TryHackMe Command Injection
https://tryhackme.com/r/room/oscommandinjection
0:00 - Introduction to Command Injection Room
0:04 - Overview of the Junior Penetration Tester Pathway
0:22 - Command Injection: Executing System Commands via Web Input
0:33 - Exploring the Target Web Application and Input Fields
0:42 - Using the Ping Command to Test IP Availability
1:13 - Understanding Command Execution and Output Interpretation
1:47 - Vulnerable Code Example and Input Validation Issues
2:51 - Common Command Injection Payloads and Syntax
3:28 - Command Injection Formula Using Semicolon or Ampersand
4:03 - Testing for Command Injection Vulnerability
4:49 - Example Injection: Running Additional Commands
5:17 - Retrieving User ID and Confirming Command Injection
5:48 - Preventing Command Injection: Input Sanitization Techniques
6:00 - Pattern Filtering for Input Validation
7:03 - PHP Input Filtering Functions for Security
7:30 - Taking the Exploit Further with File Access
7:55 - Attempting to Read /etc/passwd and /etc/shadow Files
8:43 - Setting Up a Reverse Shell Using Netcat
9:07 - Catching a Reverse Shell for Full System Access
9:22 - Answering Challenge Questions in TryHackMe Room
10:20 - Displaying the Flag Contents
10:25 - Process of Input Sanitization for Web Security
10:58 - Overview of Remaining Pathway Rooms
11:18 - Upcoming Topics: Nmap, Burp Suite, and Network Security
11:53 - Preview of Final Challenge: Network Security Tools
12:10 - Conclusion and Upcoming Videos