#7 Commix | OS Command Injection and Exploitation Tool | Bug Hunting

Описание

#7 Commix | OS Command Injection and Exploitation Tool | Bug Hunting

#hackingcourse #bughunting #cyberskipper

Introduction to Commix
Commix is a free and open-source tool available on GitHub. This tool is a powerful tool used for exploiting command injection vulnerabilities in websites and web applications. Command injection is a vulnerability that usually occurred in web applications. In terms of cyber security, command injection is also called shell injection. Commix is written in python language. You must have python installed on your kali Linux operating system. The interactive console is very similar to metasploitable 1 and metasploitable which makes it easy to use. This tool works as a tester of a command injection vulnerability in websites and web applications.

Working of Commix
Commix tool comes with different modules installed within it which lets its user find out vulnerability in the target application. Commix attack on target URL using data strings or HTTP header or cookies also on authentication parameters. In commix, users can find different enumeration options. By using commix user can perform two types of command injection. The first is the result-based command injection technique and the second is the blind command injection technique.

Result Based Command Injection: RBCI or Result Based Command Injection technique is a type of command injection technique in which all commands that the attacker fires in a web application will reflect back to the attacker.

Blind Command Injection Technique: BCIT is a command injection technique where the attacker has not received any reflection back from the browser.

Installation

cd Desktop
git clone https://github.com/commixproject/commix.git commix
cd commix
ls
python3 commix.py

Example:- commix -u 'target url' --cookie="website cookie" --data="request parameter INJECT_HERE"


मुझे उम्मीद है कि यह वीडियो आपकी बहुत मदद करेगा।

If you have any questions or suggestions feel free to ask
in the comments section or on my social networks.

? Support banaya rakhna is channel par


? Your Quarry
Cyber Skipper,
cyber skipper,
bug bounty,
bug bounty tools,
command injection,
command injection attack,
command injection attack example,
command injection attack in dvwa,
command injection dvwa,
command injection poc,
command injection practical,
command injection practical tryhackme,
command injection tryhackme,
command injection tryhackme walkthrough,
command injection vulnerability,
damn vulnerable web application,
injection attack,
injection attacks,
os command injection,
os command injections,
shell injections,
web injection attacks,
commix,
testbed,
pentesting,
web app vulnerabilities

? We comming soon lots of video tutorials together

1. Advance Ethical Hacking Course In Hindi
2. Advance Penetration Testing
3. Bug Bounty
4. Nmap Beginning to Advance Course
5. Wireshark Beginning to Advance Course
6. Threat Demonstration and Analysis videos
7. Cyber Forensic
8. Web Penetration Testing
9. Android Penetration Testing
.
.
and many more coming soon:-)

? Socially Connect Rahiye - Connect With Us!
-------------------------------
instagram : https://www.instagram.com/cyber_skipper/
Twitter : https://twitter.com/skipper_cyber
website : http://cyberskipper.in/
--------------------------------

देखने के लिए धन्यवाद
Thanks for watching!

आपका समर्थन हमारी संपत्ति है
You Support is our Asstet so..

Subscribe || like || Comments

Subhayan Goswami From Kolkata #subhogoswami