Soft Skill

Command Injection

Required Reading

Idea

The best-known example of command injection is ping 127.0.0.1 ; ls. The intended functionality is just ping 127.0.0.1, but an attacker can use the shell operators &&, ||, and ; on Linux to execute extra commands:

  • In Linux, the return value of the previous command is stored in $?. If $? == 0, the command succeeded; if $? == 1 (or any other non-zero value), the command failed.

  • && and || decide whether to run the next command based on the $? of the previous command.

  • Suppose we have command1 && command2, then command2 will be executed if and only if command1 succeeded ($? == 0).

  • Suppose we have command1 || command2, then command2 will be executed if and only if command1 failed ($? == 1).

  • Suppose we have command1 ; command2, then command2 will always be executed, whether or not command1 succeeded. This is the most common payload for command injection.
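
The operator rules above, and the difference between a command line built from user input and one that passes the input as a single argument, shown as an added example that is not part of the original page. printf stands in for ping so the script runs offline; the function names (chain_demo, ping_vulnerable, ping_safe) and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example. printf stands in for ping so nothing touches the network;
# all function names and sample inputs are constructed for illustration.

# Which operators let command2 run after command1? ($1 is "true" or "false")
chain_demo() {
    sh -c 'c=$1
           $c && printf "&& "
           $c || printf "|| "
           $c ;  printf ";"' sh "$1"
}

# Vulnerable pattern: user input is pasted into a string that a shell
# re-parses, so ;, && and || inside the input are treated as operators.
ping_vulnerable() {
    sh -c "printf 'ping %s\n' $1"
}

# Hardened pattern: allow-list the characters an IPv4 address can contain
# (not a full address check), then pass the value as one quoted argument
# that no shell parses again.
ping_safe() {
    case "$1" in
        ''|*[!0-9.]*) printf 'rejected\n'; return 1 ;;
    esac
    printf 'ping %s\n' "$1"
}

chain_demo true;  echo    # prints: && ;
chain_demo false; echo    # prints: || ;
ping_vulnerable '127.0.0.1 ; echo INJECTED'      # second command runs
ping_safe '127.0.0.1 ; echo INJECTED' || true    # prints: rejected
ping_safe '127.0.0.1'                            # prints: ping 127.0.0.1
```

In a real script the last line of ping_safe would be the actual ping invocation with "$1" quoted; the allow-list also rejects input that starts with "-", so the value cannot be read as an option.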