Questions tagged [bash]

The Bourne-again shell (Bash) is a unix shell. It lets the user run commands on the host machine in as a text based program. Questions using this tag should either be related to vulnerabilities of bash or proper use of specific commands.

152 questions

vote

2 answers

The most secure way to allow downloading and installing an app on Mac, Windows, or Linux

I have been introduced to the anti-bash-script-piping stuff such as these: Curl Bash Piping Wall of Shame (link broken) Piping curl to s(hell) Don't Pipe to your Shell The hidden dangers of piping curl and how to protect yourself ... The gist of…

shellcode bash package-manager

asked Jul 07 '19 at 20:10

Lance

vote

0 answers

.bash_history, where else commands might be stored in a Linux system?

How can I find all places where commands are stored in plain text in the system? I would disable the logging or restrict access to. Is it a security risk for a system if an attacker get access to all previously executed commands?

bash

asked May 29 '19 at 23:44

brkroot

vote

0 answers

How to stop logging for a specific user?

I'm a root user on my server. There are a bunch of users on my system. As you know, when you type w you can see who is and who isn't online. With the last command you can check last users who were logged in to your system, according to /var/log/wtmp…

linux logging bash

asked May 21 '19 at 07:17

Freeman

vote

3 answers

Leveraging curl to spawn a shell

So I'm doing a HTB challenge where I have leveraged the targets box use of reading a file that sets a url for curl in order to transverse down the directory and display the root flag in a report that is part of the exercise. File Content: url =…

bash curl root

asked Nov 21 '18 at 16:25

3therk1ll

vote

2 answers

Capture Response Attempting to Connect to Open SSH

I want to be able to attempt to connect to a host using password authentication and store the server's response in a variable. This is to see what hosts in my list accept passwords for their ssh services. The problem is that I can not redirect this…

ssh bash

asked Nov 18 '18 at 16:30

Fingers

vote

1 answer

What can an attacker do in this scenario? (unwritable bashrc, profile, etc.)

Scenario: Typical Linux desktop setup: unprivileged user but with sudo capabilities to do basically everything For the sake of argument let's forget about X11 and its way to allow trivial keyloggers, so let's say the distro is using Wayland or…

linux attack-vector bash code-execution sudo

asked Jun 17 '18 at 11:32

reed

15,398
6
43
64

vote

1 answer

Bash wildcards - Manipulate globbing to delete arbitrary files

I am currently auditing a plugin and have the following situation (simplified for example purposes):

php bash wildcard

asked May 20 '18 at 12:33

Simon Scannell

vote

0 answers

Input on a somewhat controversial backup solution using shell based SFTP

I've been tinkering with a backup solution in my spare time, made to simplify doing backups as much as possible. It's written in bash. The solution consists of 2 files, one placed on a backup server, the other one placed on the machine that wants to…

ssh bash

asked Apr 19 '18 at 10:56

user165397

vote

1 answer

Is it possible to "encode" a bash sentence?

I was recently solving a CTF challenge that I found quite strange, first of all I have been given a chain of characters that no matter how hard I try to find an answer I can not find it, I am going to publish part of that chain in order to have an…

encryption linux shellcode encoding bash

asked Feb 10 '18 at 01:43

Julián

vote

1 answer

Metasploit automate actions when reverse shell connects

I have used metasploit's netgear_wnr2000_rce to gain root shell access on a linux embedded device (no option for payloads). I am currently automating the process, and want to run a bash script when shell access is gained. I have investigated the…

metasploit bash

asked Oct 24 '17 at 09:23

username

vote

0 answers

/bin/sh orphaned link - have I been hacked?

Just today I found that when I log in to my linux server, I receive an error message: -bash: /usr/bin/lesspipe: /bin/sh: bad interpreter: No such file or directory This seems to be because my /bin/sh is an orphaned link. It points to z which…

linux bash

asked Sep 27 '17 at 08:57

Nacht

vote

4 answers

Is there a criteria for allowing or disallowing the execution of bash scripts as root with sudo?

What criteria could I take in order to to allow or disallow the execution of bash scripts with sudo as root? I know I should analyze the script but I have not enough time and I trust my developers. My criteria today is to request the script user…

bash sudo

asked Sep 07 '16 at 14:34

Eloy Roldán Paredes

1,507
12
25

vote

1 answer

What does this malicious bash script do?

I found this script digging around on a friend's computer (Mac OSX El Capitan) today. It obviously looks malicious, and seems to be an install/setup script. I can see it moves files around and unpacks some tar balls. My question: how do I best…

malware virus macos bash

asked Aug 16 '16 at 16:19

socrates

vote

0 answers

How does text that is displayed with cat end up trying to execute in the Linux terminal?

Sometimes you accidentally "cat" a binary... only for your terminal to become utterly corrupted, ending up in another code page where all characters are unrecognizable, while your shell spits back at you "Command not found" "Command not found" as if…

linux bash terminal putty

asked Mar 25 '16 at 09:58

Dagelf

vote

1 answer

What's the secure way to write clear text password into a file?

I'm trying to insert sensible data into a file. I'm trying to write a MySQL configuration file dynamically. The file contains this: [client] password: 87sfZEKEF,5 The script that I used is owned by root, and therefore "nobody" can see its…

password-management bash

asked Sep 21 '15 at 11:09

ling

Prev 1 2 3

…

10 11 Next