Student Reviews
( 5 Of 5 )
1 review
Video of Command Injection Vulnerability Explained TryHackMe Junior Penetration Tester in Web PenTesting course by Motasem Hamdan Cyber Security & Tech channel, video No. 28 free certified online
In this video walk-through, we covered command injection vulnerability and how input sanitisation and validation are critical in preventing exploiting this vulnerability.
Receive Cyber Security Field Notes and Special Training Videos
https://www.youtube.com/channel/UCNSdU_1ehXtGclimTVckHmQ/join
Challenge Answers
https://motasem-notes.net/command-injection-vulnerability-tryhackme-junior-penetration-tester/
TryHackMe Command Injection
https://tryhackme.com/r/room/oscommandinjection
Store
https://buymeacoffee.com/notescatalog/extras
Patreon
https://www.patreon.com/motasemhamdan
Instagram
https://www.instagram.com/mastermindstudynotes/
Google Profile
https://maps.app.goo.gl/eLotQQb7Dm6aiL8z6
LinkedIn
[1]: https://www.linkedin.com/in/motasem-hamdan-7673289b/
[2]: https://www.linkedin.com/in/motasem-eldad-ha-bb42481b2/
Instagram
https://www.instagram.com/mastermindstudynotes/
Twitter
https://twitter.com/ManMotasem
Facebook
https://www.facebook.com/motasemhamdantty/
0:00 - Introduction to Command Injection Room
0:04 - Overview of the Junior Penetration Tester Pathway
0:22 - Command Injection: Executing System Commands via Web Input
0:33 - Exploring the Target Web Application and Input Fields
0:42 - Using the Ping Command to Test IP Availability
1:13 - Understanding Command Execution and Output Interpretation
1:47 - Vulnerable Code Example and Input Validation Issues
2:51 - Common Command Injection Payloads and Syntax
3:28 - Command Injection Formula Using Semicolon or Ampersand
4:03 - Testing for Command Injection Vulnerability
4:49 - Example Injection: Running Additional Commands
5:17 - Retrieving User ID and Confirming Command Injection
5:48 - Preventing Command Injection: Input Sanitization Techniques
6:00 - Pattern Filtering for Input Validation
7:03 - PHP Input Filtering Functions for Security
7:30 - Taking the Exploit Further with File Access
7:55 - Attempting to Read /etc/passwd and /etc/shadow Files
8:43 - Setting Up a Reverse Shell Using Netcat
9:07 - Catching a Reverse Shell for Full System Access
9:22 - Answering Challenge Questions in TryHackMe Room
10:20 - Displaying the Flag Contents
10:25 - Process of Input Sanitization for Web Security
10:58 - Overview of Remaining Pathway Rooms
11:18 - Upcoming Topics: Nmap, Burp Suite, and Network Security
11:53 - Preview of Final Challenge: Network Security Tools
12:10 - Conclusion and Upcoming Videos