This paper discusses methodologies for performing blind command injection on embedded systems and restricted environments.
You can download it from the following link: https://packetstormsecurity.com/files/download/129584/blind_command_injection_on_busybox.pdf
Source: https://packetstormsecurity.com/files/129584/Blind-Command-Injection-On-Embedded-Systems.html