Highest Voted 'bash' Questions - IT Security Stack Exchange

0

votes

1 answer

Looking for a way to overwrite a symbolic link

I'm peparing for OSCP and I found an interesting situation (Alpine Linux). There is a daemon super_service executed by root that is reading configuration file from /var/super_service/configs/ which is a symbolic link to location that my user john…

linux bash symlink

asked Mar 21 '20 at 23:01

elklepo

103
3

0

votes

2 answers

Find Buffer Overflows at a target you want to gain access

I want to pass my OSCP exam and I am learning with the material I got. I watched the videos and read the pdf but I have a question about buffer overflows. In the example in the videos, the guy has access to the target system and can so control,…

penetration-test buffer-overflow memory shellcode bash

asked Jan 23 '20 at 12:16

Soteri

123
6

0

votes

1 answer

How .bashrc can be used to attack a system?

I read about this malicious Sudo function on Nullbyte where by inserting this bash function into a victims .bashrc/.bash_profile an attacker could exfiltrate sudo passwords fairly easily. This got me thinking about other possible malicious…

linux exploit bash

asked Jan 21 '20 at 09:55

Kyle Fennell

921
4
12

0

votes

2 answers

In some situation can be dangerous to echo command (e.g. rm -rf *) using a script?

If I have a script which on some conditions just do echo "rm -rf *" Can it be exploited in some way? EDIT: the goal is to write an enumeration script which will eventually suggests a command to execute to privilege escalate. So rm -rf is not the…

bash

asked May 31 '19 at 10:38

Maicake

497
1
3
13

0

votes

1 answer

Command injection with brace expansion

Does anyone have more experience with bash brace expansions when dealing with command injections that filters whitespaces? I am encountering most likely not a filtering engine, but an bad parsing engine which has an command injection vulnerability…

web-application network linux bash

asked Feb 12 '19 at 22:14

zakax

1
1

0

votes

1 answer

Implications of running script as argument to shell

Context for the question is the following comment on one of my answers: @SergiyKolodyazhnyy Prefacing a script name with /bin/bash or even just bash is also a common way to solve the lack of executable permissions on the script. I've refuted with…

linux shellcode bash

asked Oct 28 '17 at 23:00

Sergiy Kolodyazhnyy

519
5
17

0

votes

2 answers

Full protection from shell-script injections (like a "Bash injection") - Is it even possible?

Assume there's a website built with some FOSS CMS (like Drupal) and the websites' directory is owned and grouped by root (instead www-data as common in Apache in Nginx) and a friend of the site's owner mistakenly sees that and tells the…

injection bash cms

asked Jan 03 '17 at 08:01

user123574

0

votes

2 answers

Publishing proxy server IP address on github

Is it safe to store proxy IP address and port in a shell config file on github? I see some people doing that and don't worry about it.

proxy configuration bash git

asked Nov 19 '16 at 15:30

konstunn

101

0

votes

1 answer

Does having /sbin/nologin mean I cannot start the /bin/sh executable?

While practicing exploitation on a lab, I managed to get the ability to execute php code which allowed me to execute system commands through shell_exec on a web server. The apache user has /sbin/nologin assigned as its shell. I have tried using the…

php penetration-test exploit shellcode bash

asked Jul 31 '16 at 09:10

MykelXIII

103
5

0

votes

1 answer

taking input from webform and piping into bash password prompt

I've been wanting to create a simple web application that would allow me to view certain text files that I've encryped with GnuPG residing on my webserver through any browser remotely. I've figured that the best way to do this is to set up a login…

gnupg html bash

asked Feb 09 '16 at 23:53

rrego

3
2

-1

votes

1 answer

Shellshock vulnerability for pc inside LAN

A common pc running bash inside a home LAN network (with a router/gateway providing internet access to the LAN) does not have any contact with the external internet, except browser navigation and the mailreader (with no port forward in the router…

network known-vulnerabilities shellshock bash

asked Oct 06 '14 at 09:14

BowPark

109
4

-1

votes

1 answer

Dirty COW exploit by Bash

I've found many exploits for Dirty COW vulnerability with many methods that written in C programming language. But I want to test this vulnerability on a target that doesn't have gcc as C compiler (or any other C compilers). So I can't use these…

ubuntu c bash dirty-cow

asked Oct 05 '17 at 16:51

Tara S Volpe

103
1
2

-1

votes

4 answers

Does a Turing complete shell means equal secure?

I have heard that Linux is more secure than Windows. Is that true? I think they are equally secure because both has a Turing complete shell so if you management to do harm on one system, there is a method to do the same harm on another system. Is my…

windows linux bash powershell

asked Jul 06 '17 at 16:28

junior

25
2

-2

votes

1 answer

How to test the bash CVE-2014-6271?

Question: How do I know that I am affected or not by the bash CVE-2014-6271? I just have to simply run a command on the server? $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test" vulnerable this is a test $ Not using it via SSH and…

bash

asked Sep 25 '14 at 13:52

somelooser28533

127
4

-2

votes

2 answers

Creating portable bash terminal & cmd to USB

Developing my toolkit and I want to have a safe edition of cmd.exe and bash on a usb. Why? These can be tampered with by attackers and I want a version I know is safe from manipulation. Any suggestions? Is this even possible today? I've read old…

physical tools usb bash terminal

asked Apr 17 '18 at 05:44

Simonhawk

1
2

Questions tagged [bash]