Posts tagged: #Shell

There are probably related tags so check out all tags.

Techniques for bypassing blocklist words for command injections

🌱 [seed]
🏷️ command-injection  🏷️ shell 

Inserting noop characters

Quotes (even number of non-mixed) will be ignored by bash. $ c'a't becomes $ cat. Similar for $ c"a"t

Backslashing chars (other than \n etc, obs) will have no effect. $ c\at becomes $ cat.

Use the positional param character $ c$@at becomes $ cat

Manipulate the characters

$(rev<<<'tac') becomes cat. Experiment with other things like rot13.

Encode the command

$(base64 -d<<<"Y2F0Cg==") becomes cat

[Read more]

Techniques for bypassing blocklisted characters for command injections

🌱 [seed]
🏷️ command-injection  🏷️ hacking  🏷️ shell 

Whitespace

  • %0a: newline
  • %20: space
  • %09: tab
  • ${IFS}: Input Field Separators ↗️ (typically space, tab, newline)
  • bash bracket expansion: {ls,-la} turns into ls -la

Special characters

  • forward slash: echo ${PATH:0:1}
  • semicolon: echo ${LS_COLORS:10:1}
  • pipe: try using <<<

Shifting characters

This command will shift a letter one to the right echo $(tr '!-}' '"-~'<<<[). e.g. ~ becomes !.

shift_generator() {
  local shift=$1
  local char=$2
  local second_start=$((33 + shift))
  local second_end=$((33 + shift - 1))
  printf "echo \$(tr '\\!-~' '"
  printf '%b-~\\!-%b' "$(printf '\\%03o' $second_start)" "$(printf '\\%03o' $second_end)"
  printf "'<<<'%s')\n" "$char"
}

# usage
shift_generator 1 "~"

Tooling

For more advanced obfuscation you can consider tools such as:

[Read more]