HackTool.Linux.CommInjectX.A

 Analysis by: Neljorn Nathaniel Aguas

 ALIASES:

PwrSh:SEToolkit-C [Hack] (AVAST)

 PLATFORM:

Linux

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:
 INFORMATION EXPOSURE:

  • Threat Type: Hacking Tool

  • Destructiveness: No

  • Encrypted: No

  • In the wild: Yes

  OVERVIEW

Infection Channel:

Dropped by other malware, Downloaded from the Internet

This Hacking Tool arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It does not have any propagation routine.

It does not have any backdoor routine.

It does not have any information-stealing capability.

It takes advantage of certain vulnerabilities.

  TECHNICAL DETAILS

File Size:

166,416 bytes

File Type:

Other

Memory Resident:

No

Initial Samples Received Date:

04 Mar 2024

Arrival Details

This Hacking Tool arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Propagation

This Hacking Tool does not have any propagation routine.

Backdoor Routine

This Hacking Tool does not have any backdoor routine.

Rootkit Capabilities

This Hacking Tool does not have rootkit capabilities.

Information Theft

This Hacking Tool does not have any information-stealing capability.

Other Details

This Hacking Tool does the following:

  • It is used as a penetration testing tool to automate the detection and exploitation of command injection vulnerabilities.

It takes advantage of the following vulnerabilities:

  • Command injection vulnerabilities

It accepts the following parameters:

  • -h | --help → Show help and exit.

  • General: → These options relate to general matters.
    • -v VERBOSE → Verbosity level (0-4, Default: 0).
    • --version → Show version number and exit.
    • --output-dir=OUT.. → Set custom output directory path.
    • -s SESSION_FILE → Load session from a stored (.sqlite) file.
    • --flush-session → Flush session files for current target.
    • --ignore-session → Ignore results stored in session file.
    • -t TRAFFIC_FILE → Log all HTTP traffic into a textual file.
    • --batch → Never ask for user input, use the default behaviour.
    • --skip-heuristics → Skip heuristic detection for code injection.
    • --codec=CODEC → Force codec for character encoding (e.g., 'ascii').
    • --charset=CHARSET → Time-related injection charset (e.g., "0123456789abcdef").
    • --check-internet → Check internet connection before assessing the target.
    • --answers=ANSWERS → Set predefined answers (e.g., "quit=N,follow=N").

  • Target: → This option has to be provided to define the target URL.
    • -u URL | --url=URL → Target URL.
    • --url-reload → Reload target URL after command execution.
    • -l LOGFILE → Parse target from HTTP proxy log file.
    • -m BULKFILE → Scan multiple targets given in a textual file.
    • -r REQUESTFILE → Load HTTP request from a file.
    • --crawl=CRAWLDEPTH → Crawl the website starting from the target URL (Default: 1).
    • --crawl-exclude=.. → Regexp to exclude pages from crawling (e.g., "logout").
    • -x SITEMAP_URL → Parse target(s) from remote sitemap(.xml) file.
    • --method=METHOD → Force usage of given HTTP method (e.g., PUT).

  • Request: → These options can be used to specify how to connect to the target URL.
    • -d DATA | --data=.. → Data string to be sent through POST.
    • --host=HOST → HTTP Host header.
    • --referer=REFERER → HTTP Referer header.
    • --user-agent=AGENT → HTTP User-Agent header.
    • --random-agent → Use a randomly selected HTTP User-Agent header.
    • --param-del=PDEL → Set character for splitting parameter values.
    • --cookie=COOKIE → HTTP Cookie header.
    • --cookie-del=CDEL → Set character for splitting cookie values.
    • -H HEADER | --hea.. → Extra header (e.g., 'X-Forwarded-For: 127.0.0.1').
    • --headers=HEADERS → Extra headers (e.g., 'Accept-Language: fr\nETag: 123').
    • --proxy=PROXY → Use a proxy to connect to the target URL.
    • --tor → Use the Tor network.
    • --tor-port=TOR_P.. → Set Tor proxy port (Default: 8118).
    • --tor-check → Check to see if Tor is used properly.
    • --auth-url=AUTH_.. → Login panel URL.
    • --auth-data=AUTH.. → Login parameters and data.
    • --auth-type=AUTH.. → HTTP authentication type (Basic, Digest, Bearer).
    • --auth-cred=AUTH.. → HTTP authentication credentials (e.g., 'admin:admin').
    • --ignore-code=IG.. → Ignore (problematic) HTTP error code (e.g., 401).
    • --force-ssl → Force usage of SSL/HTTPS.
    • --ignore-proxy → Ignore system default proxy settings.
    • --ignore-redirects → Ignore redirection attempts.
    • --timeout=TIMEOUT → Seconds to wait before the connection times out (Default: 30).
    • --retries=RETRIES → Number of retries when the connection times out (Default: 3).
    • --drop-set-cookie → Ignore Set-Cookie header from response.

  • Enumeration: → These options can be used to enumerate the target host.
    • --all → Retrieve everything.
    • --current-user → Retrieve current user name.
    • --hostname → Retrieve current hostname.
    • --is-root → Check if the current user has root privileges.
    • --is-admin → Check if the current user has admin privileges.
    • --sys-info → Retrieve system information.
    • --users → Retrieve system users.
    • --passwords → Retrieve system users' password hashes.
    • --privileges → Retrieve system users' privileges.
    • --ps-version → Retrieve PowerShell's version number.

  • File access: → These options can be used to access files on the target host.
    • --file-read=FILE.. → Read a file from the target host.
    • --file-write=FIL.. → Write to a file on the target host.
    • --file-upload=FI.. → Upload a file on the target host.
    • --file-dest=FILE.. → Host's absolute filepath to write and/or upload to.

  • Modules: → These options can be used to increase the detection and/or injection.
    • --shellshock → The 'shellshock' injection module.

  • Injection: → These options can be used to specify which parameters to inject and to provide custom injection payloads.
    • -p TEST_PARAMETER → Testable parameter(s).
    • --skip=SKIP_PARA.. → Skip testing for given parameter(s).
    • --suffix=SUFFIX → Injection payload suffix string.
    • --prefix=PREFIX → Injection payload prefix string.
    • --technique=TECH → Specify injection technique(s) to use.
    • --skip-technique.. → Specify injection technique(s) to skip.
    • --maxlen=MAXLEN → Set the max length of output for time-related injection techniques (Default: 10000 chars).
    • --delay=DELAY → Seconds to delay between each HTTP request.
    • --time-sec=TIMESEC → Seconds to delay the OS response (Default: 1).
    • --tmp-path=TMP_P.. → Set the absolute path of web server's temp directory.
    • --web-root=WEB_R.. → Set the web server document root directory (e.g., '/var/www').
    • --alter-shell=AL.. → Use an alternative os-shell (e.g., 'Python').
    • --os-cmd=OS_CMD → Execute a single operating system command.
    • --os=OS → Force back-end operating system (e.g., 'Windows' or 'Unix').
    • --tamper=TAMPER → Use given script(s) for tampering injection data.
    • --msf-path=MSF_P.. → Set a local path where Metasploit is installed.

  • Detection: → These options can be used to customize the detection phase.
    • --level=LEVEL → Level of tests to perform (1-3, Default: 1).
    • --skip-calc → Skip the mathematical calculation during the detection phase.
    • --skip-empty → Skip testing the parameter(s) with empty value(s).
    • --failed-tries=F.. → Set a number of failed injection tries, in file-based technique.
    • --smart → Perform thorough tests only if the heuristic check(s) are positive.

  • Miscellaneous:
    • --ignore-depende.. → Ignore all required third-party library dependencies.
    • --list-tampers → Display list of available tamper scripts.
    • --alert=ALERT → Run host OS command(s) when injection point is found.
    • --no-logging → Disable logging to a file.
    • --purge → Safely remove all content from commix data directory.
    • --skip-waf → Skip heuristic detection of WAF/IPS/IDS protection.
    • --mobile → Imitate smartphone through HTTP User-Agent header.
    • --offline → Work in offline mode.
    • --wizard → Simple wizard interface for beginner users.
    • --disable-coloring → Disable console output coloring.

  SOLUTION

Minimum Scan Engine:

9.800

SSAPI PATTERN File:

2.709.00

SSAPI PATTERN Date:

14 Mar 2024

Scan your computer with your Trend Micro product to delete files detected as HackTool.Linux.CommInjectX.A. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check the following Trend Micro Support pages for more information:
