Commix v0.7b - Automatic All-in-One OS Command Injection and Exploitation Tool.

Commix v0.7b – Automatic All-in-One OS Command Injection and Exploitation Tool.

Changelog Version 0.7b:
* Added: The ability to store valid (Digest) credentials into session files for current target.
* Added: Dictionary-based cracker for “Digest” HTTP authentication credentials.
* Added: Support for “Digest” HTTP authentication type.

commix v0.7 git

commix v0.7 git

Changelog Version 0.6b [2016]:
* Added: The ability to store valid credentials into session files for current target.
* Added: The ability to store valid (Basic) credentials into session files for current target.
* Added: New option “–ignore-401” that ignores HTTP Error 401 (Unauthorized) and continues tests without providing valid credentials.
* Added: Dictionary-based cracker for “Basic” HTTP authentication credentials.
* Added: Identifier for HTTP authentication type (currently only “Basic” type is supported).on.

commix v0.6B git installation

commix v0.6B git installation

changelog v0.4b:
* Added: New option “–flush-session” for flushing session files for current target.
* Added: Support to resume to the latest injection points from session file.
* Added: Payload mutation if WAF/IPS/IDS protection is detected.
* Added: Check for existence of WAF/IPS/IDS protection (via error pages).
* Added: The “set” option in “reverse_tcp” which sets a context-specific variable to a value.
Version 0.3b [2015]:
+ Added: Time-relative false-positive identification, which identifies unexpected time delays due to unstable requests.
+ Added: New option “-l”, that parses target and data from HTTP proxy log file (i.e Burp or WebScarab).
+ Added: Check if Powershell is enabled in target host, if the applied option’s payload is requiring the use of PowerShell.
+ Added: New option “–ps-version”, that checks PowerShell’s version number.
+ Replaced: Some powershell-based payloads, have been replaced by new (more solid) ones, so to avoid “Microsoft-IIS” server’s incompatibilities.
+ Added: Support (in MacOSX platforms) for a tab completion in shell options.
+ Added: Undocumented parameter “-InputFormat none” so to avoid “Microsoft-IIS” server’s hang.
+ Added: Ability for identification of “Microsoft-IIS” servers.
+ Added: Statistical checks for time-related (“time-based”/”tempfile-based”) techniques.
+ Added: Support for Windows-based (cmd / powershell) payloads for every injection technique.ng..

Commix (short for [com]mand [i]njection e[x]ploiter) has a simple environment and it can be used, from web developers, penetration testers or even security researchers to test web applications with the view to find bugs, errors or vulnerabilities related to command injection attacks. By using this tool, it is very easy to find and exploit a command injection vulnerability in a certain vulnerable parameter or string. Commix is written in Python programming language.

Commix v0.2b-7cc57eb Example screenCapture Updates commix-v-0.1b : Automated All-in-One OS Command Injection and Exploitation Tool. Has been Tested on: Kali Sana, Windows 7/8.1/10, Debian, Ubuntu, Arch-Linux

Commix v0.2b-7cc57eb
Example screenCapture Updates commix-v-0.1b : Automated All-in-One OS Command Injection and Exploitation Tool. Has been Tested on: Kali Sana, Windows 7/8.1/10, Debian, Ubuntu, Arch-Linux

Disclaimer :
The tool is only for testing and academic purposes and can only be used where strict consent has been given. Do not use it for illegal purposes!!

Command Injection Testbeds
A collection of pwnable VMs, that includes web apps vulnerable to command injections.
+ Damn Vulnerable Web App
+ OWASP: Mutillidae
+ bWAPP: bee-box (v1.6)
+ Persistence
+ Pentester Lab: Web For Pentester
+ Pentester Lab: CVE-2014-6271/Shellshock
+ Pentester Lab: Rack Cookies and Commands injection
+ Pentester Academy: Command Injection ISO: 1
+ SpiderLabs: MCIR (ShelLOL)
+ Kioptrix: Level 1.1 (#2)
+ Kioptrix: 2014 (#5)
+ Acid Server: 1
+ Flick: 2
+ w3af-moth
+ commix-testbed

Exploitation Demos:
+ Exploiting DVWA (1.0.8) command injection flaws.
+ Exploiting bWAPP command injection flaws (normal & blind).
+ Exploiting ‘Persistence’ blind command injection flaw.
+ Exploiting shellshock command injection flaws.
+ Upload a PHP shell (i.e. Metasploit PHP Meterpreter) on target host.
+ Upload a Weevely PHP web shell on target host.
+ Exploiting cookie-based command injection flaws.
+ Exploiting user-agent-based command injection flaws.
+ Exploiting referer-based command injection flaws.
+ Rack cookies and commands injection.

Usage

Options:

Target:

Request:

Injection:

Enumeration :

Installation:

Download : Master.zip | Clone Url
Source : https://github.com/stasinopoulos/ | Our post Before