Video: "Command Injection Vulnerability Explained TryHackMe OWASP TOP 10 Walkthrough", video No. 62 in the free, certified online Web PenTesting course by the Motasem Hamdan Cyber Security & Tech channel.
In this video walkthrough, we covered the command injection vulnerability as part of the TryHackMe OWASP TOP 10 room.
TryHackMe OWASP TOP 10
https://tryhackme.com/r/room/owasptop10
Writeup
https://motasem-notes.net/en/tryhackme-owasp-top-10/
0:01 - Introduction to TryHackMe OWASP Top 10 Challenge
0:04 - Overview of Command Injection (Evil Shell)
0:18 - Understanding Command Injection and Input Fields
0:43 - Example of Vulnerable Input Field for Command Execution
1:09 - Source Code Analysis of the Command Injection Vulnerability
2:01 - Explanation of Pass-Through Function and Input Validation
2:53 - Demonstrating Active Command Injection
3:10 - Setting Up for Reverse Shell Exploitation
4:22 - Using PHP to Establish a Reverse Shell Connection
5:02 - Executing Reverse Shell and Confirming Connection
6:04 - Navigating the Website Root Directory
6:18 - Answering Challenge Questions: Strange Files and Users
6:50 - Identifying Non-Root, Non-Service, Non-Daemon Users
7:30 - Determining the Application’s Running User and Shell
8:15 - Finding the Version of Ubuntu on the Target Machine
9:25 - Viewing MOTD (Message of the Day) for Dr. Pepper Message
11:46 - Summary of OWASP Top 10 Topics Covered
12:04 - Preview of Remaining OWASP Vulnerabilities
12:12 - Conclusion and Upcoming Topics