# Command Injection

* Blind injection
* Verbose injection

## Blind Injection
* Check via ping, open a `tcpdump` on ICMP to listen for packets
* Redirect to logfile and read
* Use `sleep` or `timeout` to check if ci is possible in general

## Functions
* Watch out for 
    * `eval()`
    * `exec()`
    * `passthru()`
    * `system()`