Workshop: Command Injection

IEEE OC Cybersecurity SIG

Wed, July 27, 2016, 6-8 PM
Sam Bowne

Workshop Description

The most important cybersecurity problem in the world is Code Injection, responsible for over 95% of all stolen data.

In this workshop, participants will exploit command injection vulnerabilities in a CTF-style series of challenges:

  1. Ping form
  2. Buffer overflow into shell command
  3. ImageMagick exploitation
  4. SQL injection

No previous coding experience is required. For the basic challenges, all you need is a computer with a Web browser. For the more advanced challenges, you need a Kali Linux machine (real or virtual).

Command Injection Challenges

You need a computer with a Web browser

1. Ping Form: Command Injection · Winners
2. Buffer Overflow: Command Injection · Winners
3. ImageMagick: Command Injection · Winners
4. SQL Injection · Winners 1 · Winners 2 · Winners 3

CodeCademy SQL Lesson

More About SQL Injection

You need a Kali Linux machine

Installing SQLol
SQLi: Attacking with Havij and Defending with Input Filtering
Exploiting SQLi with sqlmap
Fixing MySQL with Parameterized Queries

Ethical Hacking Class

Exploit Development

You need a Kali Linux machine

Linux Buffer Overflow: Command Injection · Winners
Linux Buffer Overflow Without Shellcode Practice
Linux Buffer Overflow Without Shellcode Challenges
Linux Buffer Overflow With Dash Shellcode Practice
Remote Linux Buffer Overflow With Metasploit Shellcode Practice
Linux Buffer Overflow With Shellcode Challenges · Winners

Exploit Development Class

Malware Analysis Class

Posted 7-1-16 7:30 am by Sam Bowne
Last modified 7-16-16