Command injection - Advanced Command Obfuscation

cant seems to find a valid output, use encoded with upper and lower caps on filtered words but the output seems to be a directory? appreciate any guide/direction to complete this. thanks!

Have you tried all of the methods of obfuscation?

I recommend booting up the machine, then follow along with each example they give. One of them should eventually work. Then you just have to generate your own code to grab the flag. Although my guess is that you have done this already.

DM me the line you are sending to the target so I can help you out.

Hi onthesause, are you ok if I DM you about this. I got the command sort
of running, I get a list of files displayed in the response in Burp, but it
looks like | is filtered and I can’t bypass it.

I’ve tried <<<, I’ve also tried reversing and base64 encoding the whole
command and just the | parts but with no luck.


Hey no worries! Feel free to DM me any time. Send me the line you are using.

can yu help me too with the same exercise Find the output of the following command using one of the techniques you learned in this section: find /usr/share/ | grep root | grep mysql | tail -n 1