Skip to content

Commit 8dd528a

Browse files
igennovaigennova
authored
Command injection Lab (#4504)
* pre_commit * for test * done * ruff
1 parent 061eb94 commit 8dd528a

File tree

3 files changed

+230
-1
lines changed

3 files changed

+230
-1
lines changed

website/management/commands/create_commands_injection_tasks.py

Lines changed: 220 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,220 @@
1+
from django.core.management.base import BaseCommand
2+
3+
from website.models import Labs, TaskContent, Tasks
4+
5+
6+
class Command(BaseCommand):
7+
help = "Create Command Injection lab tasks"
8+
9+
def handle(self, *args, **options):
10+
command_injection_lab, created = Labs.objects.get_or_create(
11+
name="Command Injection",
12+
defaults={
13+
"description": "Learn about command injection vulnerabilities and how to exploit them",
14+
"difficulty": "Intermediate",
15+
"is_active": True,
16+
},
17+
)
18+
19+
if created:
20+
self.stdout.write(self.style.SUCCESS(f"Created lab: {command_injection_lab.name}"))
21+
else:
22+
self.stdout.write(self.style.WARNING(f"Lab already exists: {command_injection_lab.name}"))
23+
24+
tasks_data = [
25+
{
26+
"order": 1,
27+
"name": "Understanding Command Injection",
28+
"description": "Learn the basics of command injection vulnerabilities",
29+
"task_type": "theory",
30+
"theory_content": """
31+
<h2>What is Command Injection?</h2>
32+
<p>Command injection allows an attacker to execute arbitrary OS commands on the server by manipulating inputs to insecure system calls.</p>
33+
""",
34+
"mcq_question": "What is Command Injection?",
35+
"mcq_options": [
36+
"A) Injecting OS commands via user input",
37+
"B) Improving system performance",
38+
"C) Backing up data",
39+
"D) Writing database queries",
40+
],
41+
"correct_answer": "A",
42+
},
43+
{
44+
"order": 2,
45+
"name": "Command Injection Types",
46+
"description": "Understand different types of command injection",
47+
"task_type": "theory",
48+
"theory_content": """
49+
<h2>Types of Command Injection</h2>
50+
<ul>
51+
<li>Blind command injection</li>
52+
<li>Time-based command injection</li>
53+
<li>Out-of-band command injection</li>
54+
</ul>
55+
""",
56+
"mcq_question": "Which of the following is NOT a type of command injection?",
57+
"mcq_options": [
58+
"A) Blind command injection",
59+
"B) Time-based command injection",
60+
"C) Out-of-band command injection",
61+
"D) Cross-site command injection",
62+
],
63+
"correct_answer": "D",
64+
},
65+
{
66+
"order": 3,
67+
"name": "Basic Command Injection",
68+
"description": "Practice basic command injection with simple payloads",
69+
"task_type": "simulation",
70+
"simulation_config": {
71+
"scenario": "ping_feature",
72+
"vulnerable_parameters": ["ip_address"],
73+
"success_criteria": "Execute a command that shows the current directory contents",
74+
"success_payload": "127.0.0.1; ls",
75+
"hints": [
76+
"Use command separators like ; to chain commands",
77+
],
78+
"difficulty": "beginner",
79+
},
80+
},
81+
{
82+
"order": 4,
83+
"name": "Command Injection with Pipes",
84+
"description": "Use pipe operators for command injection",
85+
"task_type": "simulation",
86+
"simulation_config": {
87+
"scenario": "ping_filter_semicolon",
88+
"vulnerable_parameters": ["ip_address"],
89+
"success_criteria": "Execute a command that shows system information",
90+
"success_payload": "127.0.0.1 | uname -a",
91+
"hints": [
92+
"Try the pipe operator (|) to feed output into commands",
93+
],
94+
"difficulty": "beginner",
95+
},
96+
},
97+
{
98+
"order": 5,
99+
"name": "Blind Command Injection",
100+
"description": "Practice blind command injection techniques",
101+
"task_type": "simulation",
102+
"simulation_config": {
103+
"scenario": "blind_injection",
104+
"vulnerable_parameters": ["ip_address"],
105+
"success_criteria": "Cause a measurable time delay",
106+
"success_payload": "127.0.0.1; sleep 5",
107+
"hints": [
108+
"Use time delays like sleep to confirm injection",
109+
],
110+
"difficulty": "intermediate",
111+
},
112+
},
113+
{
114+
"order": 6,
115+
"name": "Command Injection Prevention",
116+
"description": "Learn how to prevent command injection vulnerabilities",
117+
"task_type": "theory",
118+
"theory_content": """
119+
<h2>Prevention</h2>
120+
<ul>
121+
<li>Validate and sanitize all inputs</li>
122+
<li>Use safe, parameterized APIs instead of shell calls</li>
123+
<li>Avoid invoking system commands entirely when possible</li>
124+
</ul>
125+
""",
126+
"mcq_question": "What is the BEST way to prevent command injection?",
127+
"mcq_options": [
128+
"A) Input validation only",
129+
"B) Parameterized commands only",
130+
"C) Avoid system commands only",
131+
"D) All of the above combined",
132+
],
133+
"correct_answer": "D",
134+
},
135+
{
136+
"order": 7,
137+
"name": "Advanced Command Injection",
138+
"description": "Practice advanced command injection with encoding",
139+
"task_type": "simulation",
140+
"simulation_config": {
141+
"scenario": "filter_bypass",
142+
"vulnerable_parameters": ["ip_address"],
143+
"success_criteria": "Execute a command that shows the current user",
144+
"success_payload": "127.0.0.1${IFS}&&${IFS}whoami",
145+
"hints": [
146+
"Use ${IFS} instead of spaces to bypass filters",
147+
],
148+
"difficulty": "advanced",
149+
},
150+
},
151+
{
152+
"order": 8,
153+
"name": "Command Injection in Web Shells",
154+
"description": "Understand how command injection relates to web shells",
155+
"task_type": "theory",
156+
"theory_content": """
157+
<h2>Web Shells</h2>
158+
<p>Command injection can be leveraged to upload or execute web shells, providing persistent access.</p>
159+
""",
160+
"mcq_question": "How does command injection relate to web shells?",
161+
"mcq_options": [
162+
"A) It can be used to upload/execute shells",
163+
"B) Web shells are a type of command injection",
164+
"C) They are unrelated",
165+
"D) Web shells prevent injection",
166+
],
167+
"correct_answer": "A",
168+
},
169+
]
170+
171+
for task_data in tasks_data:
172+
task, created = Tasks.objects.update_or_create(
173+
lab=command_injection_lab,
174+
order=task_data["order"],
175+
defaults={
176+
"name": task_data["name"],
177+
"description": task_data["description"],
178+
"task_type": task_data["task_type"],
179+
"is_active": True,
180+
},
181+
)
182+
183+
if created:
184+
self.stdout.write(self.style.SUCCESS(f"Created task: {task.name}"))
185+
else:
186+
self.stdout.write(self.style.WARNING(f"Updated task: {task.name}"))
187+
188+
content_defaults = {}
189+
if task_data["task_type"] == "theory":
190+
content_defaults.update(
191+
{
192+
"theory_content": task_data.get("theory_content", ""),
193+
"mcq_question": task_data.get("mcq_question", ""),
194+
"mcq_options": task_data.get("mcq_options", []),
195+
"correct_answer": task_data.get("correct_answer", ""),
196+
}
197+
)
198+
else:
199+
content_defaults.update(
200+
{
201+
"simulation_config": task_data.get("simulation_config", {}),
202+
}
203+
)
204+
205+
content, content_created = TaskContent.objects.update_or_create(
206+
task=task,
207+
defaults=content_defaults,
208+
)
209+
210+
if content_created:
211+
self.stdout.write(self.style.SUCCESS(f"Created content for task: {task.name}"))
212+
else:
213+
self.stdout.write(self.style.WARNING(f"Updated content for task: {task.name}"))
214+
215+
if hasattr(command_injection_lab, "update_total_tasks"):
216+
command_injection_lab.update_total_tasks()
217+
218+
self.stdout.write(
219+
self.style.SUCCESS(f"Successfully created/updated {len(tasks_data)} tasks for Command Injection lab")
220+
)

website/templates/Simulation.html

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -62,7 +62,7 @@ <h2 class="ml-3 text-xl font-semibold text-gray-900">{{ lab.title }}</h2>
6262
<span class="bg-gray-100 text-gray-700 px-3 py-1 rounded-full text-sm">{{ lab.estimated_time }} min</span>
6363
</div>
6464
</div>
65-
<!-- Description -->
65+
<!-- Description-->
6666
<p class="text-gray-600 mb-4">{{ lab.description }}</p>
6767
<!-- Progress Bar -->
6868
<div class="mb-4">

website/templates/task_detail.html

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -131,6 +131,8 @@ <h3 class="text-lg leading-6 font-medium text-gray-900 mb-4">Try Your Payload</h
131131
Enter your XSS payload:
132132
{% elif lab.name == "Cross-Site Request Forgery" %}
133133
Enter your CSRF attack code:
134+
{% elif lab.name == "Command Injection" %}
135+
Enter your command injection payload:
134136
{% else %}
135137
Enter your payload:
136138
{% endif %}
@@ -147,6 +149,13 @@ <h3 class="text-lg leading-6 font-medium text-gray-900 mb-4">Try Your Payload</h
147149
rows="4"
148150
class="shadow-sm focus:ring-[#e74c3c] focus:border-[#e74c3c] mt-1 block w-full sm:text-sm border border-gray-300 rounded-md p-3"
149151
placeholder="Enter your XSS payload here... (e.g., &lt;script&gt;alert('XSS')&lt;/script&gt;)"></textarea>
152+
{% elif lab.name == "Command Injection" %}
153+
<label for="payload" class="block text-sm font-medium text-gray-700 mb-2">Enter your command injection payload:</label>
154+
<textarea id="payload"
155+
name="payload"
156+
rows="4"
157+
class="shadow-sm focus:ring-[#e74c3c] focus:border-[#e74c3c] mt-1 block w-full sm:text-sm border border-gray-300 rounded-md p-3"
158+
placeholder="Enter your command injection payload here... (e.g., 127.0.0.1; ls)"></textarea>
150159
{% else %}
151160
<label for="payload" class="block text-sm font-medium text-gray-700 mb-2">Enter your payload:</label>
152161
<textarea id="payload"

0 commit comments

Comments
 (0)