1
00:00:06,610 --> 00:00:08,450
- Command injection is an attack

2
00:00:08,450 --> 00:00:10,650
where you try to execute commands

3
00:00:10,650 --> 00:00:13,140
that you're not supposed to be able to execute

4
00:00:13,140 --> 00:00:16,530
on a system via a vulnerable application.

5
00:00:16,530 --> 00:00:19,500
Now, command injection attacks are possible

6
00:00:19,500 --> 00:00:23,400
whenever an application doesn't validate any data

7
00:00:23,400 --> 00:00:25,660
supplied by the user.

8
00:00:25,660 --> 00:00:29,470
For example, you know, data that you can enter in web forms,

9
00:00:29,470 --> 00:00:33,980
in cookies, HTTP headers, and many others.

10
00:00:33,980 --> 00:00:37,490
Then the system passes that into a system shell.

11
00:00:37,490 --> 00:00:41,280
In this attack, you try to send operating system commands,

12
00:00:41,280 --> 00:00:45,300
so you can actually cause the application to execute them

13
00:00:45,300 --> 00:00:48,240
with the privileges that the application

14
00:00:48,240 --> 00:00:49,420
is actually running,

15
00:00:49,420 --> 00:00:51,490
so the vulnerable application is running.

16
00:00:51,490 --> 00:00:52,950
I want to make sure that you understand

17
00:00:52,950 --> 00:00:55,150
that this attack is not the same

18
00:00:55,150 --> 00:00:58,060
as code execution or code injection

19
00:00:58,060 --> 00:01:01,360
that you see whenever you exploit a buffer overflow, right?

20
00:01:01,360 --> 00:01:04,780
Now, command injection is not a popular attack anymore,

21
00:01:04,780 --> 00:01:08,100
because a lot of modern application frameworks

22
00:01:08,100 --> 00:01:11,250
have a lot better defenses against them.

23
00:01:11,250 --> 00:01:14,250
Now the folks from the OWASP organization

24
00:01:14,250 --> 00:01:15,464
have a good reference

25
00:01:15,464 --> 00:01:18,180
on how command injection actually works,

26
00:01:18,180 --> 00:01:20,300
in the link that I'm actually sharing in the screen,

27
00:01:20,300 --> 00:01:21,410
but in the next lesson

28
00:01:21,410 --> 00:01:24,030
we will go over a detailed example

29
00:01:24,030 --> 00:01:25,700
of how actually this works,

30
00:01:25,700 --> 00:01:29,303
and how to exploit these command injection vulnerabilities.