< Go to the original

Understanding Command Injection through DVWA(Low-Impossible)

Practical Application.

Samuel K

Samuel K

~2 min read · May 23, 2026 (Updated: May 23, 2026) · Free: Yes

DVWA COMMAND INJECTION

It's a RCE(Remote Code Execution) where user input concatenated into system commands.
Attacks can execute codes on your machine.
On the O.S system input strings can be executed as the input command.
Reverse Shell= Target machines communicate to attacking machine.

. It may differ between the OS like linux and windows.

LAB SETUP

KALI LINUX
DVWA

Open DVWA the Kali Terminal.

go ahead and Input the level to low,medium,high& Impossible.

1. Low level

Input ; the address 127.0.0.1 to ping

Output

a. Payloads

I injected different payloads using the semicolon to show additional instructions.

2. Medium level

The application filters certain characters.

127.0.0.1; whoami

- 127.0.0.1; pwd

127.0.0.1; cat/etc/passwd

127.0.0.1; ifconfig

4. Impossible

- This is a failed Injection

Only a valid input was processed.

THATS ITT FOR COMMAND INJECTION!!! THANK YOU!!

#dvwa-command-injection #command-injection #labs #cybersecurity

< Go to the original