OS command injection is also known as shell injection. It allows an attacker to execute operating system (OS) commands on the server that is running an application, and typically fully compromise the application and its data. Often, an attacker can leverage an OS command injection vulnerability to compromise other parts of the hosting infrastructure, and exploit trust relationships to pivot the attack to other systems within the organization.
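The root cause, shown next to its fix, as an added example that is not code from the original page: input spliced into a string that a shell parses, versus input passed as a single argument with no shell involved. The `echo` command, the `stock-for` label, the product ID parameter and all function names are assumptions chosen so the example runs harmlessly on a POSIX system.

```python
import re
import subprocess

# Allow-list for the hypothetical product ID parameter: ASCII digits only.
PRODUCT_ID = re.compile(r"[0-9]{1,10}")

# Constructed sample input containing a shell command separator.
SAMPLE = "381; echo SECOND-COMMAND"


def lookup_unsafe(product_id: str) -> str:
    """Vulnerable pattern: the input becomes part of a string the shell parses."""
    cmd = "echo stock-for " + product_id
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def lookup_argv(product_id: str) -> str:
    """No shell: the input is one argv element, so metacharacters stay data."""
    argv = ["echo", "stock-for", product_id]
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout


def lookup_safe(product_id: str) -> str:
    """Hardened form: allow-list validation first, then the argv call."""
    if not PRODUCT_ID.fullmatch(product_id):
        raise ValueError("product id must be 1-10 digits")
    return lookup_argv(product_id)


if __name__ == "__main__":
    # The shell splits the string at ';' and runs two commands.
    print("shell string :", lookup_unsafe(SAMPLE).splitlines())
    # Without a shell the same bytes are printed back as one literal argument.
    print("argv list    :", lookup_argv(SAMPLE).splitlines())
    # Validation rejects the input before any process is started.
    try:
        lookup_safe(SAMPLE)
    except ValueError as exc:
        print("validated    : rejected,", exc)
    print("validated    :", lookup_safe("381").splitlines())
```

Validation and the argument vector are both kept in `lookup_safe` because they fail independently: the allow-list guards against the called program misreading its argument, and the absence of a shell guards against a gap in the allow-list.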
Purpose of command | Linux | Windows |
---|---|---|
Name of current user | whoami | whoami |
Operating system | uname -a | ver |
Network configuration | ifconfig | ipconfig /all |
Network connections | netstat -an | netstat -an |
Running processes | ps -ef | tasklist |