OS Command Injection : Simple yet effective

What is OS Command Injection

OS Command Injection is a vulnerability which describes improper neutralization of special elements. It can result in modification of the intended OS command that is sent to a downstream component.
So, OS command injection weaknesses can expose an environment to an attacker even if he does not have direct access to the operating system. Also, if the application is running with higher privilege, it may allow an attacker to specify commands that may not be available otherwise.

Running OS commands is very useful functionality but it can equally trigger a vulnerability if not used correctly.

Types of OS Command Injection

There are two sub-types of command Injection.

  • An application executes a fixed program that is under its control and accepts external input as arguments to that program. e.g. the application may run system(“nslookup [HOSTNAME]”) to run nslookup and allow the user to supply a HOSTNAME, which is actually an argument.
    Interestingly, if the program does not remove separators from the externally supplied HOSTNAME argument, the attacker could place separators inside the argument and execute his own command.
  • The application uses input to select which program to run and what commands to use. The application sanitizes the input and then simply redirects the entire command to the operating system.

Read more

Kernel bridge is melting down – Meltdown Vulnerability with POC on Ubuntu/Kali(Intel)

Hello folks ! I know it has been a long while since I wrote on this weblog. But the start of this year was much enthusiastic in terms of newly discovered vulnerabilities. Yes I am talking about Spectre and Meltdown
So today we will discuss about Meltdown. 

What the heck it is !

Spectre and Meltdown are the different variants of the same fundamental underlying vulnerability that affects nearly every computer chip manufactured in the last 20 years. If exploited, it allows attackers to get access to data previously considered completely protected. These vulnerabilities involve a malicious program gaining access to unauthorized data, and by exploiting two important techniques used to speed up computer chips, called speculative execution and caching.

When I first heard about this vulnerability the first thing came into my mind was how it is possible to have unprivileged access as we already have “Page Tables” in place. But as it still happened. lets see how.

So when a software running on a Core requires memory it starts a so called “load” command. The load command is then processed in multiple stages until the data is found and returned or an error occurred. Below is the simple representation of the memory subsystem.

Read more