Advanced Command Injection Exploitation: cmd.exe in the '00s presented at BlackHatDC 2010

by Bannedit


Summary: Command injection vulnerabilities have always been a neglected vulnerability class when it comes to exploitation. Many researchers simply view command injection bugs as a direct interface with a shell. While this is true, much more complex tasks can be achieved than just executing commands. The purpose of this talk is to discuss advanced techniques for exploiting command injection bugs to leverage more out of these types of vulnerabilities than just a shell. The techniques covered in this talk will show examples of taking a command injection bug and turning it into full native payload execution.