The weakest link on the network: Exploiting ADSL routers to perform cyber-attacks

Stasinopoulos, Anastasios; Ntantogian, Christoforos; Xenakis, Christos

doi:10.1109/isspit.2013.6781868

Cited by 2 publications

(1 citation statement)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…More specically, in a previous paper [58], we investigated the security of a popular ADSL router named ZTE ZXV10 H108L ADSL 2+ Wireless Router, provided by the Telecommunication Company "WIND Hellas". Through the usage of Commix tool, we were able to automatically identify exploitable classic results-based, time-based blind and le-based semi blind command injection vulnerabilities on the "host" POST parameter of the "manager_dev_ping_t.gch", that allow an attacker to execute arbitrary commands on the target host system, with highly granular permissions/privileges.…”

Section: Wsn-ip-interoperabilitymentioning

confidence: 99%

Commix: automating evaluation and exploitation of command injection vulnerabilities in Web applications

Stasinopoulos

Ntantogian

Xenakis

2018

Int. J. Inf. Secur.

Self Cite

View full text Add to dashboard Cite

Despite the prevalence and the high impact of command injection attacks, little attention has been given by the research community to this type of code injections. Although there are many software tools to detect and exploit other types of code injections, such as SQL injections or Cross Site Scripting, there is no dedicated and specialized software that detects and exploits, automatically, command injection vulnerabilities. This paper proposes an open source tool that automates the process of detecting and exploiting command injection aws on web applications, named as COMMand Injection eXploiter (Commix). We present and elaborate on the software architecture and detection engine of Commix as well its extra functionalities that greatly facilitate penetration testers and security researchers in the detection and exploitation of command injection vulnerabilities. Moreover, based on the knowledge and the practical experience gained from the development of Commix, we propose and analyze new identied techniques that perform side-channel exploitation for command injections allowing an attacker to indirectly deduce the output of the executed command (i.e., also known as blind command injections). * stasinopoulos@unipi.gr † dadoyan@unipi.gr ‡ xenakis@unipi.gr 1 Furthermore, we evaluate the detection capabilities of Commix, by performing experiments against various applications. The experimental results show that Commix presents high detection accuracy, while at the same time false positives are eliminated. Finally and more importantly, we analyze several 0-day command injection vulnerabilities that Commix detected in real-world applications. Despite its short release time, Commix has been embraced by the security community and comes preinstalled in many security-oriented Operating Systems (OS) including the well-known Kali Linux.Keywords:Command injection · code injection · exploitation · software tool · web security 1 IntroductionCode injection, is a general term for attacks that consist of injecting code, which is consequently executed by a vulnerable application. This type of attacks is considered as a major security threat which in fact, is classied as No. 1 on the 2013 OWASP top ten web security risks [1]. A code injection vulnerability, exploits poor handling of untrusted data and allows an attacker to insert arbitrary code (or commands) into the application, resulting in an unplanned execution behavior.There are many types of code injections attacks including command injections, SQL In this paper, we will exclusively deal with command injection attacks and we will refer to them as "command injections". They are also named in the literature as "shell command injections" or "Operating system command injections", because this type of attack, occurs when the application invokes the OS shell (shell commands on Unix based Systems, command prompt shell on Windows).Command injections may occur in applications that accept user provided input and execute OS commands using as parameters the received input. They have...

show abstract

Section: Wsn-ip-interoperabilitymentioning

confidence: 99%