Command blacklisting works like the code below:
We can utilize various obfuscation techniques that will execute our command without using the exact command word.
Linux and Windows
One common way is to insert a certain character within our command that is usually ignored by command shells like Bash or PowerShell. The ' and " characters are sometimes just ignored.
e.g
The number of quotes always has to be even.
Linux Only
We can insert a few other Linux-only characters in the middle of commands, and the Bash shell will ignore them and execute the command. The \ and $@ sequences are often used for this purpose.
e.g
Windows Only
We can insert the ^ character within the command as such:
To read a file I can use something like:
127.0.0.1%0a{ca't',${PATH:0:1}home${PATH:0:1}user1${PATH:0:1}flag.txt}
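From the defender's side, the payload above shows why matching exact command words fails. The following is an added example, not code from the original page. It runs that payload through a naive blacklist, through a blacklist applied after stripping the ignored characters named above, and through an IP allowlist. The blacklist entries and the ping-style `build_ping_argv` helper are assumptions for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

# Assumed blacklist words; the page does not list the filter's actual entries.
BLACKLIST = ("cat", "whoami")

# Characters the page names as ignored by shells: ' " \ $@ (Bash) and ^ (Windows).
IGNORED = re.compile(r"""\$@|['"\\^]""")

# Payload from the page, URL-decoded as the application would receive it.
PAGE_PAYLOAD = unquote(
    "127.0.0.1%0a{ca't',${PATH:0:1}home${PATH:0:1}user1${PATH:0:1}flag.txt}"
)


def naive_blacklist_allows(value: str) -> bool:
    """Filter of the kind the page describes: matches exact command words only."""
    return not any(word in value for word in BLACKLIST)


def normalized_blacklist_allows(value: str) -> bool:
    """Detection aid: drop shell-ignored characters before matching."""
    return naive_blacklist_allows(IGNORED.sub("", value))


def build_ping_argv(value: str) -> list[str]:
    """Mitigation (hypothetical helper): accept only a literal IP address and
    build an argument vector for subprocess.run(argv), with no shell involved."""
    ip = ipaddress.ip_address(value)  # raises ValueError on anything else
    return ["ping", "-c", "1", str(ip)]


def allowlist_allows(value: str) -> bool:
    """True only when the whole input parses as an IP address."""
    try:
        build_ping_argv(value)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for name, check in [("naive blacklist", naive_blacklist_allows),
                        ("normalized blacklist", normalized_blacklist_allows),
                        ("IP allowlist", allowlist_allows)]:
        print(f"{name:22} allows page payload: {check(PAGE_PAYLOAD)}")
```

Normalizing before matching is still a blacklist and only useful as a detection signal; validating the input as an IP address and passing it as a single argument without a shell removes the injection point.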