命令注入工具Commix介绍及使用

  Commix 是使用 Python 开发的命令注入漏洞测试工具。 该工具旨在方便地检测请求是否存在命令注入漏洞并进行测试。 

  常见选项包括:

  目标相关:

    -u URL, --url = URL target URL.     设定目标URL(即可能存在命令注入漏洞的URL)


  请求相关:

    --data= Data                        设定通过POST提交的数据,很重要的一个参数--host= HOST HTTP host header.      设定提交的请求中的host字段,一般情况下不需要设定--user-agent= AGENT                 设定提交的请求中的User-Agent字段,避免目标网站基于User-Agent进行过滤(比如防爬虫)--cookie= COOKIE HTTP Cookie header.设定提交的请求中的Cookie值,很重要的一个参数,如果可能存在命令注入漏洞的URL是需要在用户登录以后才能访问的情况下,需要带上该参数--headers= HEADERS additional headers (e.g. "Header1: Value1/nHeader2: Value2").  设定提交的请求中报文头部的其他字段
    

  文件访问:

    These options can be used to access files on the target host.

    - file-read = FILE .. Read the file from the target host.       从目标网站下载的文件的路径
    - file-write = FIL .. Write a file on the target host.          上传至目标网站的文件的路径(这里是本地的路径)
    - file-upload = FI .. Upload the file on the target host.
    - file-dest = FILE ..                                           上传至目标网站的目标路径,也就是网站上的路径(绝对路径)

  以Metaploitable2中的DVWA应用为例进行说明,已经知道该URL存在命令注入漏洞: http://192.168.140.137/dvwa/vulnerabilities/exec/#

  现在用Commix对该漏洞进行测试:

# commix -u 'http://192.168.140.137/dvwa/vulnerabilities/exec/#' --cookie='security=low; PHPSESSID=b33b449bd2cb99c0a1b7693627b5d603' --data='ip=INJECT_HERE&submit=submit'

[warning] Python version 3.9.10 detected. You are advised to use Python version 2.7.x.
                                      __
   ___   ___     ___ ___     ___ ___ /\_\   __  _
 /`___\ / __`\ /' __` __`\ /' __` __`\/\ \ /\ \/'\  v3.3-stable
/\ \__//\ \/\ \/\ \/\ \/\ \/\ \/\ \/\ \ \ \\/>  </
\ \____\ \____/\ \_\ \_\ \_\ \_\ \_\ \_\ \_\/\_/\_\ https://commixproject.com
 \/____/\/___/  \/_/\/_/\/_/\/_/\/_/\/_/\/_/\//\/_/ (@commixproject)

+--
Automated All-in-One OS Command Injection Exploitation Tool
Copyright © 2014-2021 Anastasios Stasinopoulos (@ancst)
+--

(!) Legal disclaimer: Usage of commix for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.

[warning] You haven't updated commix for more than 212 days!
[info] Testing connection to the target URL.
[warning] Got a 302 redirection (http://192.168.140.137/dvwa/login.php).

 

posted @ 2022-04-15 11:27  Jason_huawen  阅读(2086)  评论(0编辑  收藏  举报