Loading...

Using Command Injection to Dump Files, Start Services, and Disable Firewall

6,281 views

Loading...

Loading...

Transcript

The interactive transcript could not be loaded.

Loading...

Loading...

Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Published on Jan 14, 2012

Author: Jeremy Druin
Twitter: @webpwnized
Description: Using a vulnerable page in the mutillidae web application, we use command injection to list directories on the servers operating system. After gaining access to web source code files and listing contents, we list the Windows services running, start the telnet service, then disable the server firewall to give us access to the telnet service. Mutillidae is a deliberately vulnerable web application designed to allow pen testers and security enthusiasts to pratice finding web app vulnerabilities. Mutillidae is a free download at Sourceforge. Updates are tweeted to @webpwnized. Thank you for watching. Please support this channel. Up vote, subscribe or even donate by clicking "Support" at https://www.youtube.com/user/webpwnized!

Loading...

Advertisement
When autoplay is enabled, a suggested video will automatically play next.

Up next


to add this to Watch Later

Add to

Loading playlists...