View RSS Feed

plage

Commix : Automated All-in-One OS Command Injection and Exploitation Tool

Rating: 4 votes, 2.75 average.
Quote Originally Posted by plage View Post
Hello all, It recently came to my attention a command injection exploitation tool, which has the name commix ( 1 ) and by using it, it is very easy to find and exploit a command injection vulnerability in a certain vulnerable parameter or string.

Commix seems to be a great command injection tool which successfully exploits many vulnerable applications such as DVWA, bWAPP, ShelLOL, Persistence, Kioptrix(2014), w3af-moth etc.

I found references on that tool in many sites, like TrustedSec's Security Podcast Episode 6 ( 2 ) softpedia ( 3 ) and packetstormsecurity ( 4 ) and darknet.org.uk ( 5 ). As I noted recently it has been added to trustedsec's Penetration Testers Framework (PTF) ( 6 ). In the official github page ( 1 ), several exploitation examples ( 7 ), demos ( 8 ) and examples of combinatorial use of commix with other tools ( 9 ) (i.e metasploit and weevely) are posted .



References
( 1 ) https://github.com/stasinopoulos/commix
( 2 ) https://www.trustedsec.com/may-2015/...-6-show-notes/
( 3 ) http://news.softpedia.com/news/Commi...s-477728.shtml
( 4 ) http://packetstormsecurity.com/files...tion-Tool.html
( 5 ) http://www.darknet.org.uk/2015/04/co...n-attack-tool/
( 6 ) https://github.com/trustedsec/ptf
( 7 ) https://github.com/stasinopoulos/com...Usage-Examples
( 8 ) https://www.youtube.com/channel/UCFG...jdvyIiSy0mPI4A
( 9 ) https://github.com/stasinopoulos/com.../Upload-shells
Tags: None Add / Edit Tags
Categories
Uncategorized

Comments

Trackbacks

Total Trackbacks 0
Trackback URL: