Remote code execution(RCE)

Hey any one tell me how i learn remote code execution i try tu search hard on google and youtube but not found any strong stuff how i find
remote code execution ?
I read book but there i no topic or content about
remote code execution. Will u tell me how i learn it plzz tell me basic or intermediate level of
remote code execution tell me tools or place on which place of website it easily find
Or tell me resources where i learn remote code execution
Thank you

1 Like

Maybe google “remote code execution” and read everything related to it that you get as results until you get an idea about what it is.

Remote-Code-Execution

1 Like

i also searching answer of that

If you have development background, it just take seconds to learn what is RCE and how to exploit it. So, I recommend you to learn programming, firstly. It will help you to understand application security, better and faster.

An example OS command:
“whois yourwebsite.xxx”

In RCE/command injection vulnerabilities, attacker will include his own commands into codes. For example, think a website which is returning whois records of entered domain. If attacker enters google.com|date as website, the OS command will be like:

whois google.com|date

and program will return the date instead of whois records: Wed Jun 17 18:49:35 UTC 2020

Why? Because attacker has used | (pipe) character and manipulated the OS command. So, a RCE/OS command injection vulnerability has been borned.

There are some similar characters to pipe: && ; > $() ` (backtick)

Let you take a look at it: https://vullnerability.com/blog/out-of-band-remote-command-execution-challenge-1

Also, try to solve challenges, so you can practice your skills and learn better.

image

3 Likes

Very good information as usual. I appreciate it.

You need to learn how to use Metasploit

Happy to find this thread!