GCIH · Question #691
When probing for command injection opportunities on a remote host, why would an attacker target her own address space from the remote host?
The correct answer is C. Verification of a blind attack. In blind command injection, the server does not return command output in any visible channel, so causing the remote host to send traffic back to the attacker's own system confirms that arbitrary code execution is occurring.
Question
When probing for command injection opportunities on a remote host, why would an attacker target her own address space from the remote host?
Options
- ACollection of URL session tokens
- BLegal requirement
- CVerification of a blind attack
- DDetect target's operating system
How the community answered
(49 responses)- A10% (5)
- B4% (2)
- C63% (31)
- D22% (11)
Why each option
In blind command injection, the server does not return command output in any visible channel, so causing the remote host to send traffic back to the attacker's own system confirms that arbitrary code execution is occurring.
URL session token collection is a technique associated with session hijacking or cross-site scripting attacks, not with confirming command execution via callback traffic in injection testing.
There is no legal requirement mandating that an attacker route traffic through their own address space during command injection probing - this is a purely technical verification technique.
Blind command injection vulnerabilities produce no visible output in the HTTP response or application interface, making it impossible to directly observe whether injected commands executed. By injecting a command that initiates an out-of-band network request - such as a ping, DNS lookup, or HTTP request - directed at the attacker's own listener or infrastructure (e.g., Burp Collaborator or an attacker-controlled server), the attacker can observe the incoming connection and confirm command execution. This out-of-band callback is the standard technique for verifying blind injection without output.
Operating system fingerprinting is typically accomplished through tools like nmap using TCP/IP stack analysis or banner grabbing, not by having the remote host initiate callbacks to the attacker's address space.
Concept tested: Blind command injection out-of-band verification technique
Source: https://owasp.org/www-community/attacks/Command_Injection
Topics
Community Discussion
No community discussion yet for this question.