# Command Injection

* Blind injection
* Verbose injection

## Blind Injection

* Check via `ping`: open a `tcpdump` on ICMP to listen for the packets
* Redirect the output to a logfile and read it
* Use `sleep` or `timeout` to check whether command injection is possible at all

## Functions

* Watch out for
  * `eval()`
  * `exec()`
  * `passthru()`
  * `system()`
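
One way to audit for the functions listed above, as an added example that is not part of the original notes: a heuristic Python scanner that reports each call and whether its argument contains a variable. It assumes the list refers to PHP source (`passthru()` is a PHP function); `find_sinks` and the sample file are hypothetical names and constructed input.

```python
import re

SINKS = ("eval", "exec", "passthru", "system")  # the functions listed above
# Skip method calls ($pdo->exec(), Foo::system()) and longer names (curl_exec).
CALL = re.compile(r"(?<![\w$>:])(%s)\s*\(" % "|".join(SINKS), re.I)
TOKEN = re.compile(r"""
    (?P<str>'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")   # string literal: keep
  | (?P<com>/\*.*?\*/|(?://|\#)[^\n]*)              # comment: blank out
""", re.S | re.X)

def strip_comments(src):
    """Replace comments with spaces so line numbers stay intact."""
    blank = lambda m: m.group(0) if m.group("str") else re.sub(r"[^\n]", " ", m.group(0))
    return TOKEN.sub(blank, src)

def argument(src, start):
    """Text from just after a call's '(' up to its matching ')' (heuristic:
    parentheses inside string literals are not treated specially)."""
    depth, i = 1, start
    while i < len(src) and depth:
        depth += {"(": 1, ")": -1}.get(src[i], 0)
        i += 1
    return src[start:i - 1]

def find_sinks(php_source):
    """Return (line, function, 'dynamic' | 'constant') for each sink call."""
    src = strip_comments(php_source)
    findings = []
    for m in CALL.finditer(src):
        if re.search(r"function\s+$", src[:m.start()]):
            continue  # a definition such as "function exec(", not a call
        # Single-quoted PHP strings do not interpolate, so ignore their content.
        arg = re.sub(r"'(?:\\.|[^'\\])*'", "''", argument(src, m.end()))
        kind = "dynamic" if "$" in arg else "constant"
        line = src.count("\n", 0, m.start()) + 1
        findings.append((line, m.group(1).lower(), kind))
    return findings

# Constructed sample input, not taken from a real code base.
SAMPLE = r"""<?php
// system($_GET['c']);  commented out, must not be reported
$host = $_GET['host'];
system("ping -c 1 " . $host);
passthru('uptime');
$pdo->exec("DELETE FROM t");
/* eval($x); */
eval($_POST['code']);
exec("ls " . escapeshellarg($dir), $out);
function exec($q) { return 1; }
"""
```

A `dynamic` finding means a variable reaches the call and needs manual review; the scanner does not judge whether escaping such as `escapeshellarg()` is sufficient.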