Commix Full Tutorial | Updated 2024

Introduction

In this post you will learn what commix is and how it works, and we will look at some of the important commands in the commix tool. The video version of the post is down below, check it out ❤️

Video

What is Commix ❓

Commix (short for [comm]and [i]njection e[x]ploiter) is an open source penetration testing tool, written by Anastasios Stasinopoulos (@ancst), that automates the detection and exploitation of command injection vulnerabilities.

In short, this tool is an automated all-in-one OS command injection exploitation tool.

Who developed the tool

The tool was developed by Anastasios, who seems to be working on the commix tool only. Commix sucked at first, but after using it… it is awesome ❤️.

The developer of commix says he writes code that injects code, which is kind of nerdy and cringe, but it's notable.

Features in commix ✌

  1. Easy to Use: Automates the detection and exploitation of command injection vulnerabilities in certain vulnerable parameters.
  2. Portable: Everything you need to perform effective command injection attacks against multiple operating systems and applications is included.
  3. Modular: You are able to develop and easily import your own modules in order to increase the capabilities of commix.
  4. Cross-Compatible: It is compatible with multiple penetration testing tools such as sqlmap, burpsuite, metasploit.
  5. Cross-Platform: It is written in Python! No need to compile anything; only Python (version 2.6, 2.7 or 3.x) is required for running commix on any platform.
  6. Free & Open Source Software: It is a free and open source project licensed under the GPLv3 License.

Types of command injection in commix

Result based command injection

There are two types of result-based injection:

  • Classic result-based injection: This is the most commonly used type of command injection and is the simplest of all.
  • Dynamic-based technique: This technique is used where the targeted web application is vulnerable through the eval() function.
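
Why the classic result-based case exists at all, shown from the application side. This is an added example, not code from commix or from the original post: the function names, the allowlist and the harmless `echo INJECTED` marker are assumptions chosen for illustration, with a `name` parameter like the one in the URLs used later in this post.

```python
import re
import subprocess

def greet_vulnerable(name: str) -> str:
    """Injectable pattern: user input is pasted into a shell command string."""
    # shell=True hands the whole string to /bin/sh, so ; | & ` $( ) inside
    # `name` are interpreted as shell syntax and the output comes straight back.
    done = subprocess.run("echo Hello " + name, shell=True,
                          capture_output=True, text=True)
    return done.stdout

def greet_argv(name: str) -> str:
    """Hardened form: no shell, the input is exactly one argument."""
    # With an argument vector nothing parses the value, so metacharacters
    # are printed literally instead of being executed.
    done = subprocess.run(["echo", "Hello", name],
                          capture_output=True, text=True, check=True)
    return done.stdout

# Assumed allowlist for a "name" field: short, alphanumeric or underscore.
NAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")

def validate_name(name: str) -> str:
    """Second layer: reject anything outside the allowlist before use."""
    if not NAME_RE.fullmatch(name):
        raise ValueError("name contains characters outside the allowlist")
    return name

if __name__ == "__main__":
    probe = "admin; echo INJECTED"   # constructed, harmless marker input
    print(repr(greet_vulnerable(probe)))  # second command ran
    print(repr(greet_argv(probe)))        # input echoed literally
    try:
        validate_name(probe)
    except ValueError as exc:
        print("rejected:", exc)
```

The same two fixes (no shell, plus input validation) also close the blind variants described next, because they remove the injection point rather than hiding its output.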

Blind Command Injection

The main difference between the two types is how the data is retrieved after the injected shell command has been executed.

When the web application does not give any result back to the attacker, blind command injection is used.

There are two further types of blind command injection:

  • Time-based technique: This technique delays the execution of the injected command. By checking how much time the application took to respond, the attacker is able to determine whether the command was executed successfully or not.
  • File-based technique: If you are not able to determine the result from the web application's reaction, this technique comes in handy, as it allows you to write the set of commands that are to be injected to a file accessible to the attacker. This technique works similarly to the result-based technique.
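
What these techniques look like in a web server log, from the defender's side. This is an added example, not part of commix or the original post: the log format, the 3-second threshold, the client addresses and the `CMD` placeholder are all constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines: client, request line, status, seconds to respond.
SAMPLE_LOG = """\
192.0.2.10 "GET /codeexec/example4.php?name=admin HTTP/1.1" 200 0.011
192.0.2.66 "GET /codeexec/example4.php?name=admin%3BCMD HTTP/1.1" 200 0.014
192.0.2.66 "GET /codeexec/example4.php?name=admin%7CCMD HTTP/1.1" 200 5.020
192.0.2.10 "GET /codeexec/example4.php?name=admin HTTP/1.1" 200 6.500
"""

LINE_RE = re.compile(r'^(\S+) "(\S+) (\S+) [^"]*" (\d{3}) (\d+\.\d+)$')
# Shell metacharacters that chain or substitute commands.
SHELL_META = re.compile(r"[;|&`\n]|\$\(")
SLOW_SECONDS = 3.0  # assumed threshold; tune to the application's baseline

def classify(line: str):
    """Return (client, parameter, verdict) for a suspicious line, else None."""
    match = LINE_RE.match(line)
    if not match:
        return None
    client, _method, target, _status, seconds = match.groups()
    # parse_qsl URL-decodes values, so %3B and %7C become ; and |
    params = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    hits = [key for key, value in params if SHELL_META.search(value)]
    if not hits:
        return None  # a slow response alone is not evidence of injection
    # Metacharacter plus an unusually slow answer fits the time-based
    # technique; a fast answer fits result-based or file-based attempts.
    verdict = ("time-based-suspect" if float(seconds) >= SLOW_SECONDS
               else "injection-attempt")
    return (client, hits[0], verdict)

def scan(log_text: str):
    """Classify every line and keep only the flagged ones."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```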

How to use commix

Hey there, hope you got to know something about commix. Now let's see how to use the tool.

If you have any doubts, comment down below or watch the YouTube video on commix.

Example 1, Default Method

Just entering -u and the URL of the vulnerable site will result in a shell. We can also find some useful information like OS info, tables, database names, etc.

commix -u "<url with parameter>"
commix -u "192.168.64.69/sqli/example1.php?name=admin"

It is going to take a hell of a lot of time to complete the scan, because commix scans through the whole application.

The estimated result will appear somewhere between 30 mins and 3 hrs.

Example 2, Scan for multiple hosts

To scan multiple hosts, we can use the -m option followed by the file name.

commix -m <file name>

Example 3, --all Command

Retrieves all the information related to the current user, hostname, system info, passwords, etc. However, sometimes this may not work.

In addition, we could mix the commands for good results.

commix --url="<url link>" --all

Example 4, Getting a command line shell

To get a shell, let's use the Pentester Lab command execution link, which seems to be vulnerable.

commix --url="http://192.168.64.69/codeexec/example4.php?name=INJECT_HERE"

Conclusion

It is a great tool for command injection: exploiting the vulnerable link and getting a shell.

Finally, the shell allows us to enumerate. However, there is a difference between sqlmap and commix. The commix tool injects into the vulnerable link and tries to get shell access, but sqlmap doesn't do that.

Therefore, this is a great tool for exploiting web application vulnerabilities.
