ꦫꦣꦺꦤ꧀ꦄꦤ꧀ꦠꦱꦺꦤ

PATH: opt / bitninja-waf3 / coreruleset / regex-assembly / include

##! Please refer to the documentation at
##! https://coreruleset.org/docs/development/regex_assembly/.

##! Word list for rule 932380 (RCE Windows command injection part 2/2)
##!
##! The list comes from the Microsoft Windows Server documentation. 
##! You can get it using the following one-liner:
##! `curl https://raw.githubusercontent.com/MicrosoftDocs/windowsserverdocs/main/WindowsServerDocs/administration/windows-commands/windows-commands.md | grep -oE '^-\s\[\w+\]' | cut -f2 -d[ | cut -f1 -d]`

active
add
append
arp
assign
assoc
at
atmadm
attrib
attributes
auditpol
autochk
autoconv
autofmt
automount
bcdboot
bcdedit
bdehdcfg
bitsadmin
bootcfg
break
cacls
call
cd
certreq
certutil
change
chcp
chdir
chglogon
chgport
chgusr
chkdsk
chkntfs
choice
cipher
clean
cleanmgr
clip
cls
cmd
cmdkey
cmstp
color
comp
compact
convert
copy
create
cscript
date
dcdiag
dcgpofix
defrag
del
delete
detail
dfsdiag
dfsrmig
diantz
dir
diskcomp
diskcopy
diskpart
diskperf
diskraid
diskshadow
dispdiag
dnscmd
doskey
driverquery
echo
edit
endlocal
erase
eventcreate
Evntcmd
exec
exit
expand
expose
extend
extract
fc
filesystems
find
findstr
finger
flattemp
fondue
for
forfiles
format
freedisk
fsutil
ftp
ftype
fveupdate
getmac
gettype
goto
gpfixup
gpresult
gpt
gpupdate
graftabl
help
helpctr
hostname
icacls
if
inactive
ipconfig
ipxroute
irftp
jetpack
klist
ksetup
ktmutil
ktpass
label
list
lodctr
logman
logoff
lpq
lpr
macfile
makecab
mapadmin
md
mkdir
mklink
mmc
mode
more
mount
mountvol
move
mqbkup
mqsvc
mqtgsvc
msdt
msg
msiexec
msinfo32
mstsc
nbtstat
netcfg
netdom
netsh
netstat
nfsadmin
nfsshare
nfsstat
nlbmgr
nltest
nslookup
ntbackup
ntcmdprompt
ntfrsutl
offline
online
openfiles
pagefileconfig
path
pathping
pause
pbadmin
pentnt
perfmon
ping
pktmon
pnpunattend
pnputil
popd
powershell
print
prncnfg
prndrvr
prnjobs
prnmngr
prnport
prnqctl
prompt
pubprn
pushd
pushprinterconnections
pwlauncher
pwsh
qappsrv
qprocess
query
quser
qwinsta
rd
rdpsign
recover
refsutil
reg
regini
regsvr32
relog
rem
remove
ren
rename
repadmin
repair
replace
rescan
reset
retain
revert
rexec
risetup
rmdir
robocopy
rpcinfo
rpcping
rsh
rundll32
rwinsta
san
schtasks
scwcmd
secedit
select
serverceipoptin
servermanagercmd
serverweroptin
setx
sfc
shadow
shift
showmount
shrink
shutdown
sort
start
subst
sxstrace
sysocmgr
systeminfo
takeown
tapicfg
taskkill
tasklist
tcmsetup
telnet
tftp
time
timeout
title
tlntadmn
tpmtool
tpmvscmgr
tracerpt
tracert
tree
tscon
tsdiscon
tsecimp
tskill
tsprof
type
typeperf
tzutil
unexpose
uniqueid
unlodctr
ver
verifier
verify
vol
vssadmin
waitfor
wbadmin
wdsutil
wecutil
wevtutil
where
whoami
winnt
winnt32
winrs
wmic
writer
wscript
xcopy

[-] url-schemes.ra [edit]
[-] charset-specification-no-anchors.ra [edit]
[-] windows-commands-prefix.ra [edit]
[+] ..
[-] unix-shell-pl3.ra [edit]
[-] 932130.ra [edit]
[-] unix-shell-upto3.ra [edit]
[-] js-truthy-values.ra [edit]
[-] unix-shell-evasion-prefix.ra [edit]
[-] charset-specification.ra [edit]
[-] sql-injection-function-names.ra [edit]
[-] unix-shell-evasion-prefix-start-of-string.ra [edit]
[-] windows-commands.ra [edit]
[-] sql-injection-mysql-postgresql-procedures-functions.ra [edit]
[-] allowed-charsets.ra [edit]
[-] unix-shell-4andup.ra [edit]