Burp Suite User Forum


Bad value for option -c error when entering ping -c 10 127.0.0.1

Last updated: Mar 14, 2022 09:26AM UTC

Hi, in this tutorial: https://portswigger.net/web-security/os-command-injection I saw this command:

    & ping -c 10 127.0.0.1 &

so I decided to enter this command in cmd:

    ping -c 10 127.0.0.1

but cmd gave me this error:

    Bad value for option -c

Can you help me to know how the -c option works for ping? Or how can I solve the problem?

Ben, PortSwigger Agent | Last updated: Mar 14, 2022 11:55AM UTC

Hi Dan,

Are you using Windows? If so, the count option is actually carried out via the -n flag so the following command should work:

    ping -n 10 127.0.0.1

For future reference, typing 'ping' (without the single quotes) on the command line should furnish you with the various command line options available to you on the operating system that you are using.

Last updated: Mar 14, 2022 01:25PM UTC

For future reference, typing 'ping' (without the single quotes) on the command line should furnish you with the various command line options available to you on the operating system that you are using. -->

    Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
                [-r count] [-s count] [[-j host-list] | [-k host-list]]
                [-w timeout] [-R] [-S srcaddr] [-c compartment] [-p]
                [-4] [-6] target_name

    Options:
        -t             Ping the specified host until stopped.
                       To see statistics and continue - type Control-Break;
                       To stop - type Control-C.
        -a             Resolve addresses to hostnames.
        -n count       Number of echo requests to send.
        -l size        Send buffer size.
        -f             Set Don't Fragment flag in packet (IPv4-only).
        -i TTL         Time To Live.
        -v TOS         Type Of Service (IPv4-only. This setting has been deprecated
                       and has no effect on the type of service field in the IP
                       Header).
        -r count       Record route for count hops (IPv4-only).
        -s count       Timestamp for count hops (IPv4-only).
        -j host-list   Loose source route along host-list (IPv4-only).
        -k host-list   Strict source route along host-list (IPv4-only).
        -w timeout     Timeout in milliseconds to wait for each reply.
        -R             Use routing header to test reverse route also (IPv6-only).
                       Per RFC 5095 the use of this routing header has been
                       deprecated. Some systems may drop echo requests if
                       this header is used.
        -S srcaddr     Source address to use.
        -c compartment Routing compartment identifier.
        -p             Ping a Hyper-V Network Virtualization provider address.
        -4             Force using IPv4.
        -6             Force using IPv6.

As you can see, for me -c is Routing compartment identifier, not count. (This means I don't know why you said -c is for count, and you said to use -n instead!) So for count there are multiple things like -r, -s, -n for me.

And the subject of the tutorial was: Detecting blind OS command injection using time delays. I thought we want to define a time delay with -c, and also for me just the number 1 worked without any error:

    ping -c 1 127.0.0.1

Ben, PortSwigger Agent | Last updated: Mar 14, 2022 03:35PM UTC

Hi Dan,

The command line flags are different in Windows when compared to Linux (-c is the option to specify the number of ICMP packets that you wish to send in Linux, whereas in Windows the -n command line option is used). This is the reason why I asked if you were using Windows and to suggest finding out which particular command line options were relevant to your machine environment (obviously the 'server' machine in the lab itself is unlikely to be the same type of environment that you are running locally).

I think you may be slightly confused by 'count' - this is a general term referring to a value that you can supply with the command so, as an example, using -r 10 will record the route of the ICMP packet for 10 (10 being the value that you would have supplied for 'count') hops.

The lab is about detecting OS command injection using time delays - the way to do this is by sending a number of ICMP packets which will, in turn, cause a delay (sending 10 ICMP packets will cause a ten second delay).

The '-c 1' command line option on Windows is a valid option (as you have noted, -c is used for 'routing compartment identifier') hence the reason why this worked for you on your Windows machine.

Last updated: Mar 14, 2022 04:47PM UTC

Thank you.

1- There is something that I don't know: when I'm intercepting HTTP, for example when I'm requesting the home page of a website, I can see this in Burp Suite --> Host: www.example.com but when I'm doing something on this site which must be sent with the POST method, the host is now like this --> api.example.com So my problem is: do these hosts have the same database, or are they connected to different databases or servers?

2- I have a question about OS command injection: in the solution part of this lab: https://portswigger.net/web-security/os-command-injection/lab-blind-time-delays you can see this:

    email=x||ping+-c+10+127.0.0.1||

What if the web application is using JSON for sending the email, like this:

    {"email":"xxxxxx"}

So is it possible to do OS command injection?
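
Added example (not part of the thread and not PortSwigger's code): a log-review check for the time-delay probe discussed above. It decodes a request body, form-encoded or JSON, and reports any field whose value chains a counted ping after a shell separator, covering both the Linux -c and the Windows -n count flag. The function names and sample bodies are constructed for illustration.

```python
import json
import re
from urllib.parse import parse_qsl

# Shell separators that can chain a second command onto the intended one.
SEPARATORS = r"(?:\|\||&&|[|&;`\n]|\$\()"
# A chained ping whose arguments include a count flag:
# -c on Linux, -n on Windows (the difference explained in the thread).
PING_DELAY = re.compile(
    SEPARATORS
    + r"\s*(?i:ping(?:\.exe)?)\b[^|&;]*?\s-(?P<flag>[cn])\s+(?P<count>\d+)\b"
)

def field_values(body, content_type):
    """Decode a request body into (name, value) pairs for either encoding."""
    if "json" in content_type:
        try:
            doc = json.loads(body)
        except ValueError:
            return []
        items = doc.items() if isinstance(doc, dict) else []
        return [(k, v) for k, v in items if isinstance(v, str)]
    # parse_qsl turns '+' into a space and resolves %XX escapes.
    return parse_qsl(body, keep_blank_values=True)

def find_ping_delays(body, content_type="application/x-www-form-urlencoded"):
    """Return (field, flag, count) for each value that chains a counted ping."""
    hits = []
    for name, value in field_values(body, content_type):
        m = PING_DELAY.search(value)
        if m:
            hits.append((name, "-" + m.group("flag"), int(m.group("count"))))
    return hits

# Constructed sample bodies: the lab payload quoted in the thread, a
# Windows-style variant, the same value in a JSON body, and a benign request.
SAMPLES = [
    ("email=x||ping+-c+10+127.0.0.1||", "application/x-www-form-urlencoded"),
    ("email=x+%26+ping+-n+10+127.0.0.1+%26", "application/x-www-form-urlencoded"),
    ('{"email": "x||ping -c 10 127.0.0.1||"}', "application/json"),
    ("email=dan%40example.com&subject=ping+-c+10+works", "application/x-www-form-urlencoded"),
]

if __name__ == "__main__":
    for body, ctype in SAMPLES:
        print(ctype, body, "->", find_ping_delays(body, ctype))
```

The count in each hit is the number of echo requests, so by the reasoning given in the thread it approximates the delay in seconds the request was meant to cause.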
