Jump to content

Escaping variable question


kuyaya

Recommended Posts

Hey guys, I have a question

My "problem" is to escape the $SWITCH_POSITION

This command here 

Quote

Q STRING "powerShell -windowstyle hidden -ExecutionPolicy Bypass .((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\lazassword.ps1')"

Gives that output

Quote

powerShell -windowstyle hidden -ExecutionPolicy Bypass .((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\switch1\lazassword.ps1')

But why is that the case? There are two \ in front of the $switch position. If you would only write one, it would just output $SWITCH_POSITION without any \, that makes sense, I understand that. But shouldn't it print out "payloads\$SWITCH_POSITION" because the switch position is escaped? Why does it print out switch1? The $SWITCH_POSITION should be escaped, shouldn't it?

And what should you write when you want to print out "\$SWITCH_POSITION"? Because the code above does not work for that.

Link to comment
Share on other sites

On 2/28/2020 at 4:08 PM, PoSHMagiC0de said:

"\$" escapes question mark.

"\\" escapes back slash.

"\\\$" escapes back slash and question mark.

 

Ah, I understand now. It has a "\\" because the first \ escapes the second \, so the bunny should print it and not use it as an escape character. And the $ then obviously doesn't get escaped because there are only two backslashes, and the first escapes the second, so it get printed out, as I wrote above.

Thank you

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...