00 — Overview

Command Injection

When web apps pass user input to a system shell, attackers can append their own OS commands and run anything on the server — read files, add users, establish reverse shells.

Intermediate·55 min·11 tasks

// By the end of this module

→Identify where web applications call out to the operating system

→Exploit command injection using shell metacharacters (;, |, &&)

→Bypass filters with encoding, whitespace, and alternative syntax

→Escalate command injection to a full reverse shell

// Prerequisites

Foundation · Beginner

Linux & CLI Fundamentals

45 min

→

Foundation · Beginner

How the Web Works

45 min

→