Remote Code Execution

What is Remote Code Execution?

In one sentence: When hacker can execute their own code on your server remotely and take full control!

Imagine you have a server. Hacker through a bug, can give commands to your server. For example, say "send me all files" or "create a new admin user". Hacker now has control of your server, remotely! This is RCE.

How does it happen?

Command Injection
Buffer Overflow
Deserialization Vulnerability
File Upload Vulnerability
Remote File Inclusion

RCE Example:

Imagine you have a form that Pings IP:

bash

1ping [user_input]

Hacker puts: 8.8.8.8; cat /etc/passwd

Server executes:

bash

1ping 8.8.8.8
2cat /etc/passwd

And shows sensitive file!

Why is it important for security?

Because RCE is the worst type of vulnerability! Hacker takes full control of server. Can steal everything, delete everything, make server part of Botnet.

What is Remote Code Execution?

In one sentence: When hacker can execute their own code on your server remotely and take full control!

How does it happen?

Command Injection
Buffer Overflow
Deserialization Vulnerability
File Upload Vulnerability
Remote File Inclusion

RCE Example:

Imagine you have a form that Pings IP:

bash

1ping [user_input]

Hacker puts: 8.8.8.8; cat /etc/passwd

Server executes:

bash

1ping 8.8.8.8
2cat /etc/passwd

And shows sensitive file!

Why is it important for security?

Because RCE is the worst type of vulnerability! Hacker takes full control of server. Can steal everything, delete everything, make server part of Botnet.

Remote Code Execution(RCE)

What is Remote Code Execution?

How does it happen?

RCE Example:

Why is it important for security?

Sources & References

Remote Code Execution(RCE)

What is Remote Code Execution?

How does it happen?

RCE Example:

Why is it important for security?

Sources & References

Sources & References

Related Concepts

Buffer Overflow(N/A)

Exploit

Sources & References

Related Concepts

Buffer Overflow(N/A)

Exploit