Tutorial: Using web command injection vulnerability to gain administrative shell on Windows web server

Blog Post created by webpwnized on Jun 22, 2012

In this video, a Windows web server hosts the Mutillidae web application, which contains a command injection vulnerability.


Using command injection to exploit the Mutillidae web application, we gain a root shell (an administrative Windows cmd shell). The server is fully patched, has anti-virus running, and has a firewall blocking port 23; additionally, the telnet service is disabled. Through the command injection vulnerability, this video demonstrates how misconfigured web services can have serious consequences for security. We also review how to remediate command injection vulnerabilities and discuss some of the defects that expose the server to compromise.
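As an added illustration of the remediation discussed in the video (this is example code, not part of Mutillidae or the original post), the snippet below shows the defective pattern, a user-supplied hostname concatenated into a shell command string, next to a hardened version that validates the hostname and invokes the lookup tool with an argument vector rather than through a shell. The feature name, the `nslookup` wrapper and the sample inputs are constructed assumptions for the example.

```python
import re
import subprocess

# Hostname label rules: 1-63 characters, letters/digits/hyphens, no leading or
# trailing hyphen, labels separated by dots. Anything else (spaces, '&', ';',
# '|', quotes, newlines) is rejected before it reaches a command line.
HOSTNAME_RE = re.compile(
    r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)


def vulnerable_command(host: str) -> str:
    """The defective pattern: raw user input glued into a shell string.

    Returned rather than executed so the example can show exactly what a
    shell would receive. Anything the shell treats as a separator in `host`
    becomes a second command running with the web server's privileges.
    """
    return "nslookup " + host


def is_safe_hostname(host: str) -> bool:
    """Allow-list check: True only if `host` is a syntactically valid hostname."""
    return len(host) <= 253 and HOSTNAME_RE.match(host) is not None


def build_lookup_argv(host: str) -> list[str]:
    """Hardened pattern: validate, then build an argument vector (no shell)."""
    if not is_safe_hostname(host):
        raise ValueError(f"rejected hostname: {host!r}")
    return ["nslookup", host]


def run_lookup(host: str, timeout: float = 5.0) -> str:
    """Run the lookup with shell=False so the hostname is a single argv entry,
    never parsed for metacharacters. Requires nslookup on PATH."""
    result = subprocess.run(
        build_lookup_argv(host),
        capture_output=True,
        text=True,
        timeout=timeout,
        shell=False,
    )
    return result.stdout


if __name__ == "__main__":
    # Constructed sample inputs: one legitimate hostname, one carrying a
    # shell separator of the kind command injection relies on.
    for sample in ("example.com", "example.com & echo injected"):
        print(f"{sample!r}: safe={is_safe_hostname(sample)}")
        print("  shell string the vulnerable code would pass:",
              repr(vulnerable_command(sample)))
```

The validation and the argument-vector call address the injection itself; the second defect the video highlights, that the shell obtained runs with administrator rights, is a separate issue and is fixed by running the web server service under a dedicated low-privilege account so that any injected command inherits only that account's permissions.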


Mutillidae is a free, deliberately vulnerable web application that provides a training environment for pen testers, security enthusiasts, and universities, and serves as a target for evaluating vulnerability assessment tools. It is available pre-installed on Metasploitable 2. Updates about Mutillidae are announced on Twitter at @webpwnized. Let us know how helpful this is in the comments, and feel free to download the Community Edition of Metasploit to continue your testing.