Questions tagged [bash]

The Bourne-again shell (Bash) is a Unix shell. It lets the user run commands on the host machine as a text-based program. Questions using this tag should either be related to vulnerabilities of bash or proper use of specific commands.

152 questions
0
votes
1 answer

Bash attack. Am I vulnerable?

Someone, today, appears to have tried to attack my VPS. I checked my logs and saw this: 54.251.83.67 - - [26/Sep/2014:17:07:02 -0400] "GET / HTTP/1.1" 200 1437 "-" "() { :;}; /bin/bash -c \"echo testing9123123\"; /bin/uname -a" Am I vulnerable? If…
Chris Burton
  • 103
  • 3
0
votes
1 answer

Is this a demonstration that the shellshock patch isn't working?

I am checking my systems with the following command: env X="() { :;} ; echo busted" /bin/sh -c "echo completed" Which gives me: "completed", with no "busted", which seems good. So I tried again with: env x='() { :;}; echo vulnerable' bash -c "echo…
David Wilkins
  • 443
  • 4
  • 8
0
votes
1 answer

bash: how to securely source a script from an environment variable

Say I want to do source $VIRTUAL_ENV/bin/activate in my bashrc whenever the VIRTUAL_ENV is defined. In general, the idea of running a script pointed by an environment variable seems a bit fishy as it can be writable by other users. So it would seem…
salmin
  • 103
  • 1
0
votes
0 answers

How can I identify this encryption type?

I found a cipher whose type I do not know. I want to decipher it but I could not, any…
bbbbb
  • 1
0
votes
1 answer

BASH vs SH (dash, etc.) in terms of security

Since I am new to Linux, when writing scripts I always followed the rule "the less code, the less attack surface", so I try to write scripts with privileged access (sudo, root, etc.) in sh and use less third-party programs (grep, sed, etc.). But for…
NewLinux
  • 625
  • 3
  • 8
0
votes
2 answers

Is there a way to change your current UID to equal your EUID?

Here is the scenario: running id gives this: uid=1001(test1) gid=1001(test1) euid=1000(bl4ckc4t) groups=1001(test1) - This means that I am user test1, but my euid is set to another user. My goal is to get my uid to change to 1000 from my current…
Bl4ckC4t
  • 3
  • 3
0
votes
0 answers

How to supply both passphrase and string to encrypt to GnuPG using command line?

Considering using echo -n "passphrase" | gpg --batch --passphrase-fd 0 ... inside of a Bash script (which should mitigate leaking passphrase to process list given echo is a built-in command, right?). I need to know passphrase to create shares of it…
sunknudsen
  • 169
  • 1
  • 8
0
votes
1 answer

What is claimed here about a vulnerability in the target of a "really common shell"?

In https://twitter.com/nnwakelam/status/1363761612423786496, it's tweeted: fucking yikes.. ran every bitcoin exchange for a really common shell and found.... Uname: Linux cloudimage 4.4.0-166-generic #195-Ubuntu SMP Tue Oct 1 09:36:25 UTC 2019…
0
votes
2 answers

How to connect to a MariaDB database after collecting data about users and passwords with a SQLI?

I'm trying to breach a dummy MariaDB database which is vulnerable to SQLI and is storing sensitive data about its users and their passwords. I've collected all the data I could collect, but now how am I supposed to connect to this database and…
0
votes
0 answers

How to hack rbash --?

I'm solving a CTF challenge, and have to escalate the privilege from user1 to user2. $HOME is read-only, so I can't change $HOME/.bashrc. sudo -l shows (user2) NOPASSWD: /usr/rbash -- I can't write any commands before or after --, it doesn't…
Error
  • 103
  • 3
0
votes
1 answer

Linux Privilege Escalation

I've been trying to solve a box. I got into the box by exploiting a web app and got a reverse shell, so I was www-data. I then found an ssh key that I used to log in as another user and I ran sudo -l which showed me which files I could run as root. I'm…
0
votes
0 answers

How secure is /dev/stdin in UNIX systems?

Is decrypting secrets with ccrypt and piping the result via stdin to openvpn secure? I've written the following alias to start an openvpn client more easily than before: sudo bash -c 'cd OPVN_CONFIGS_DIR && ccrypt --cat _auth.conf.cpt | openvpn…
rmercier
  • 1
  • 2
0
votes
1 answer

What is bindshell backdoor?

I just found out a bindshell backdoor, but I don't know how to access/connect to it using Metasploit. I'm a beginner with exploiting; is there a way to access the backdoor? I tried to search for "bindshell" on Metasploit but I didn't find anything.…
Tenchu
  • 5
  • 1
  • 3
0
votes
2 answers

Executing sudo command in one line within a non-tty shell

I have access to a server via RCE over http. I can send post requests to the server which results in command execution. I am attempting to escalate privileges via sudo (su is not installed). The server is heavily firewalled with egress filters and…
dd_doriz
  • 1
  • 2
0
votes
1 answer

msfconsole and using bash variables

When trying to set RHOSTS for an auxiliary module, I tried using $server, which is a bash variable I've set before entering msfconsole. It is not readable from within msfconsole. How do I access bash variables from msfconsole?
driverobject
  • 103
  • 2