OS Command Injection Part 2 - Deep Dive - Injection Vulnerability | Coursera

Browse
Top Courses
Log In
Join for Free

OS Command Injection Part 2

Loading...

Network Security & Database Vulnerabilities

4.6 (1,358 ratings) | 29K Students Enrolled

Course 4 of 8 in the IBM Cybersecurity Analyst Specialization

Enroll for Free

This course gives you the background needed to understand basic network security. You will learn the about Local Area Networks, TCP/IP, the OSI Framework and routing basics. You will learn how networking affects security systems within an organization. You will learn the network components that guard an organization from cybersecurity attacks. In addition to networking, you will learn about database vulnerabilities and the tools/knowledge needed to research a database vulnerability for a variety of databases including SQL Injection, Oracle, Mongo and Couch. You will learn about various security breach types associated with databases and organizations that define standards and provide tools for cybersecurity professionals. This course is intended for anyone who wants to gain a basic understanding of Network Security/Database Vulnerabilities or as the fourth course in a series of courses to acquire the skills to work in the Cybersecurity field as a Jr Cybersecurity Analyst.

Skills You'll Learn

database vulnerabilities, Network Security, Sql Injection, Cybersecurity, networking basics

Reviews

4.6 (1,358 ratings)

5 stars
72.45%
4 stars
21.42%
3 stars
4.05%
2 stars
1.32%
1 star
0.73%

AH

Jun 14, 2020

The content is basic overview of network security. I would say that the lecture videos of the first 2 weeks were just 'okay'. But the practice quizes made the content easily understandable.

OA

Jul 5, 2020

Great course, meticulous facilitators. Thanks you all. I was once a novice in Cybersecurity but now I am well tutored to take on challenging problems and provide solution.

From the lesson

Deep Dive - Injection Vulnerability

In this module you will hear an IBM Subject Matter expert discuss the common vulnerability of Injection. You will learn the basics around OS Command Injection and SQL Injection.

Welcome to Deep Dive - Injection Vulnerability0:20

Introduction to Injection Flaws3:43

OS Command Injection Part 18:57

OS Command Injection Part 25:02

OS Command Injection Part 37:32

Taught By

IBM Security Learning Services
IBM Global Subject Matter Experts

Try the Course for Free

Transcript

In this video, you will learn to describe additional OS command injection attacks, explain why commands should not be run through the shell interpreters, explain why it is important to use explicit paths when running executables. Next recommendation is to not run commands through shell interpreters. You may be familiar with shell interpreters like SSH, bash, that's on Unix, cmd and PowerShell on Windows. When you supply your command, lets say your business logic requires you to run an OS commands, so you have no choice, you have to do it. If you run it and supply it as a parameter to the shell interpreter then that also gives attacker extra power because, for example, they could chain commands. They could as syntax showed earlier, with the semicolon, you could chain a number of commands in there and the attacker could download malicious code, could delete files, could create web shells, do all kinds of damage. But if you run the command directly without passing it to the shell interpreter, then a whole set of shell syntax such as semicolon, pi, ampersand, Beck quotes, dollar sign, all that syntax that's introduced and understood by the shell interpreter is no longer valid, because you're just running a single command, in this case, a remove command, and you're passing a file to remove. So this command that you see here, the second command on the slide, will actually fail. It will not work, because the semicolon will have no meaning to the RM command. Note that even if you do that there's still danger of doing additional damage. You could not only manipulate the single parameter, but you could add additional parameters to a command that you're running. So here, in this example, we're running an Nmap application to scan a particular IP address. However, if the attacker has control of the input they could specify additional Nmap parameters. In this particular case, it will cause Nmap to write the log file to a particular file that you specify. However, if it's running as root command, there's a possibility that this would actually overwrite an important system library. So bad things still could happen, it's just the attack surface is reduced. We're no longer dealing with a full set of syntax that show interpreter supports, but rather concentrate on the single command. Also, something to keep in mind is that another example that you often see is that you may execute a single command, let's say a shell script, but inside that shell script there could be something in those commands that could trigger OS command execution on the parameters that are passed in. So even though you're running something directly not involving shell interpreter, there's still a chance that something could happen inside the script that you need to watch out for, and you have to scrutinize how you operate on the input that user supplies so that a malicious command is not executed and recommended. The next recommendation is to use explicit paths. Applications are found by the operating system and executed based on system path settings. There is a type of attack where if there's a folder on the system that's writeable to a general user, and have multiple users using the machine, that folder also is referenced in the path before the folder containing the executable you're trying to run. What the attacker could do is it have a low privilege account on the system, they could log in and they could drop a malicious version of the application, in this case, Nmap, in the folder that's under their control and that appears in the path before the regular folder where Nmap lives. When we execute commands without the full path, just say Nmap and then the IP address, that malicious executable will be run instead of the one that we intend. So to protect against it, it's best to reference all the executables that you run by their full path, that way there is no ambiguity, and the right executable will be loaded. By the way, the same recommendation applies to another type of attack called DLL hijacking, because the same thing applies to DLLs and shared libraries, attacker could drop a malicious version of a shared library or a DLL into the folder that they control that appears in the path and that will be loaded before the valid version of that same binary file.

Explore our Catalog

Join for free and get personalized recommendations, updates and offers.

Coursera Footer

Top Online Courses

Finding Purpose & Meaning in Life
Understanding Medical Research
Japanese for Beginners
Introduction to Cloud Computing
Foundations of Mindfulness
Fundamentals of Finance
Machine Learning
Machine Learning Using Sas Viya
The Science of Well Being
Covid-19 Contact Tracing
AI for Everyone
Financial Markets
Introduction to Psychology
Getting Started with AWS
International Marketing
C++
Predictive Analytics & Data Mining
UCSD Learning How to Learn
Michigan Programming for Everybody
JHU R Programming
Google CBRS CPI Training

Top Online Specializations

Natural Language Processing (NLP)
AI for Medicine
Good with Words: Writing & Editing
Infections Disease Modeling
The Pronounciation of American English
Software Testing Automation
Deep Learning
Python for Everybody
Data Science
Business Foundations
Excel Skills for Business
Data Science with Python
Finance for Everyone
Communication Skills for Engineers
Sales Training
Career Brand Management
Wharton Business Analytics
Penn Positive Psychology
Washington Machine Learning
CalArts Graphic Design

Online Certificates

Professional Certificates
MasterTrack Certificates
Google IT Support
IBM Data Science
Google Cloud Data Engineering
IBM Applied AI
Google Cloud Architecture
IBM Cybersecurity Analyst
Google IT Automation with Python
IBM z/OS Mainframe Practitioner
UCI Applied Project Management
Instructional Design Certificate
Construction Engineering and Management Certificate
Big Data Certificate
Machine Learning for Analytics Certificate
Innovation Management & Entrepreneurship Certificate
Sustainabaility and Development Certificate
Social Work Certificate
AI and Machine Learning Certificate
Spatial Data Analysis and Visualization Certificate

Online Degree Programs

Computer Science Degrees
Business Degrees
Public Health Degrees
Data Science Degrees
Bachelor's Degrees
Bachelor of Computer Science
MS Electrical Engineering
Bachelor Completion Degree
MS Management
MS Computer Science
MPH
Accounting Master's Degree
MCIT
MBA Online
Master of Applied Data Science
Global MBA
Master's of Innovation & Entrepreneurship
MCS Data Science
Master's in Computer Science
Master's in Public Health

Coursera

About
What We Offer
Leadership
Careers
Catalog
Certificates
MasterTrack™ Certificates
Degrees
For Enterprise
For Government
For Campus

Community

Learners
Partners
Developers
Beta Testers
Translators
Blog
Tech Blog
Teaching Center

More

Terms
Privacy
Help
Accessibility
Press
Contact
Directory
Affiliates

Learn Anywhere

Get it on Google Play

© 2021 Coursera Inc. All rights reserved.