Bash Injection

Page last edited 302 days 7 hours ago by Phmadore

A bash injection, also called shell injection or command injection is any method of code injection which involves escalating privileges from none to root and thus having full control of the system. While this definition may be more detailed than a fairer description, it is important to note that a bash injection which does not result in root access cannot rightly be considered a full-scale system compromise. Bash vulnerabilities have existed as long as the terminal itself has, and are continually patched.

Command injections have most famously and historically taken place on Unix-based systems, but any operating system which allows programs to access the command line could also potentially be victimized by a command injection -- meaning all major desktop systems in use today.

An example of a successful bash injection.

Some languages are more suited to command injections than others. Python, which has numerous functions for navigating a file system, might likely be the attacker's tool of choice. This cannot be said without noting that Python is useful for endless other applications, and also without pointing out that Python is not the only language suited for code injection -- any programming language will do. If a system has PHP installed, it is also good for this sort of thing.

The difference between a bash injection and other types of injections is the level of privileges that can be garnered through them. If a vulnerability is found in a server and the attacker is able to gain shell access in the first place, there is already a problem. If they are from there able to exploit known vulnerabilities, trouble for the system administrator will most certainly ensue.

Article info

Categories: Techniques