# Code Execution

<figure><img src="https://healthiestlife4me.com/wp-content/uploads/2018/09/What-is-Windows-Code-Injection-and-why-it-can-be-dangerous.jpg" alt=""><figcaption></figcaption></figure>

This type of vulnerability:

* Allows an attacker to execute OS commands on the server.
* Can be used to get a **reverse shell, or to upload any file using the wget command**.

Example Using DVWA:

<figure><img src="https://1589701199-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fi9hCCmXtAKNvbIKRqULt%2Fuploads%2Fo5G5hG0cQS5Rp1RjiS8T%2FdvwaOScmd1.png?alt=media&#x26;token=515d5df5-2931-49d1-9812-6d7acae35c34" alt=""><figcaption></figcaption></figure>

* Here we have an input on the web application that pings the IP we provide to it.

<figure><img src="https://1589701199-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fi9hCCmXtAKNvbIKRqULt%2Fuploads%2F0qtvz8f7YNTe5X41pu3r%2FdvwaOScmd2.png?alt=media&#x26;token=b2181fb4-31d9-42c1-933d-7f082049589c" alt=""><figcaption></figcaption></figure>

* Suppose the code behind it runs something like **"ping $IPvariable"** as a command.
* We can try to exploit it using a semicolon ( **;** ) or a pipe ( **|** ) followed by the command we want to execute.
* So the command that actually runs will look something like **"ping \<IP> ; whoami"** or **"ping \<IP> | whoami"**.

<figure><img src="https://1589701199-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fi9hCCmXtAKNvbIKRqULt%2Fuploads%2F5fwoPjrLcPTIYS1C6UvN%2FdvwaOScmd3.png?alt=media&#x26;token=925e36dc-6f18-49a1-a3ff-b0b12f4dc595" alt=""><figcaption></figcaption></figure>

* Here I wanted to gain access to the server, so supposing it has ***netcat***, I try to get a shell with.
* Successfully gained access to the server.
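
The ping form above seen from the fixing side, as an added example that is not part of the original page or of DVWA's code: it runs the same input through a shell string (the "before") and through validation plus an argv list with no shell (the "after"). Assumptions: `echo ping` stands in for `ping` so it runs offline, `echo INJECTED` is a harmless marker in place of `whoami`, the `-c 4` option set is assumed, and all function names are hypothetical.

```python
import ipaddress
import subprocess

# Constructed inputs: a normal value plus the ';' and '|' shapes from the page,
# with a harmless `echo INJECTED` marker in place of a real command.
SAMPLES = ["127.0.0.1", "127.0.0.1; echo INJECTED", "127.0.0.1 | echo INJECTED"]


def run_vulnerable(ip):
    """Before: input is concatenated into a string and handed to a shell.
    `echo ping` stands in for `ping` (assumption) so this runs offline."""
    return subprocess.run("echo ping " + ip, shell=True,
                          capture_output=True, text=True).stdout


def build_ping_argv(ip):
    """After, layer 1: accept only a literal IPv4/IPv6 address.
    ipaddress.ip_address raises ValueError for anything else."""
    addr = ipaddress.ip_address(ip.strip())
    return ["ping", "-c", "4", str(addr)]  # "-c 4" is an assumed option set


def run_without_shell(ip):
    """After, layer 2: pass an argv list with no shell, so ';' and '|'
    are ordinary bytes inside one argument, not command separators."""
    return subprocess.run(["echo", "ping", ip],
                          capture_output=True, text=True).stdout


def report():
    """Return (input, shell output, no-shell output, validation verdict)."""
    rows = []
    for ip in SAMPLES:
        try:
            verdict = "accepted: " + " ".join(build_ping_argv(ip))
        except ValueError:
            verdict = "rejected"
        rows.append((ip, run_vulnerable(ip).strip(),
                     run_without_shell(ip).strip(), verdict))
    return rows


if __name__ == "__main__":
    for row in report():
        print(row)
```

The two layers are independent: validation rejects the input before any process is started, and the argv form keeps metacharacters inert even if a validator is later loosened.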

More explanation, examples and details are in the page linked below.

{% content-ref url="../../welcome/writeups/portswigger/os-command-injection" %}
[os-command-injection](https://hackzzz.gitbook.io/welcome/welcome/writeups/portswigger/os-command-injection)
{% endcontent-ref %}
