From the OWASP Mutilliae II menu, select DNS Lookup by navigating to OWASP 2013 | A1-Injection (Other) | Command Injection | DNS Lookup:
On the DNS Lookup page, type the IP address 127.0.0.1 in the text box and click the Lookup DNS button:
Switch to the Burp Proxy | HTTP history tab and look for the request you just performed. Right-click on Send to Intruder:
In the Intruder | Positions tab, clear all suggested payload markers with the Clear $ button. In the target_host parameter, place a pipe symbol (|) immediately following the 127.0.0.1 IP address. After the pipe symbol, place an X. Highlight the X and click the Add $ button to wrap the X with payload markers:
In the Intruder | Payloads tab, click the Load button. Browse to the location where you downloaded the SecLists-master wordlists from GitHub. Navigate to the location of the FUZZDB_UnixAttacks.txt wordlist and use the following to populate the Payload Options [Simple list] box: SecLists-master |Fuzzing| FUZZDB_UnixAttacks.txt
Uncheck the Payload Encoding box at the bottom of the Payloads tab page and then click the Start Attack button.
Allow the attack to continue until you reach payload 50. Notice the responses through the Render tab around payload 45 or so. We are able to perform commands, such as id, on the operating system, which displays the results of the commands on the web page:
