🟩OS Command Injection
Last updated
Last updated
OS command injection (also known as shell injection) is a web security vulnerability that allows an attacker to execute arbitrary operating system (OS) commands on the server that is running an application, and typically fully compromise the application and all its data.
| Purpose of command | Linux | Windows |
|---|---|---|
| Method | Command |
|---|---|
Name of current user
whoami
whoami
Operating system
uname -a
ver
Network configuration
ifconfig -a
ipconfig /all
Network connections
netstat -tunl
netstat -an
Running processes
ps -ef
tasklist
Time delays
Redirecting output
Out-Of-Band (OOB) DNS lookup. You can use Burp Collaborator