Questions tagged [terminal]

39 questions
2 votes, 1 answer

Lightweight terminal protocol for IoT

For IoT devices with limited resources (e.g. embedded system with 32 kB RAM, 128 kB Flash memory, running an RTOS such as FreeRTOS, small TCP/IP stack such as lwIP): It might be useful to have a terminal type protocol for debugging or testing.…
2 votes, 2 answers

Is using cat -v an appropriate way to sanitize untrusted text?

It is well known that a terminal tends to trust things which are printed to it through stdout/stderr, making outputting attacker-controlled data to the terminal a risky action. Is using cat -v an effective way to sanitize untrusted data that will be…
forest
2 votes, 2 answers

How to accept user input for use in terminal safely?

I found a vulnerability, and I'm not sure how to patch it. I currently accept input from the user and use it to create a terminal command which I run on the server. Here's the code simplified. // Get user input $monochromeThreshold =…
Goose
2 votes, 1 answer

How to get more information on TermDD Security Layer Disconnects (Event 56)

In my Admin event log, I see the following errors: The Terminal Server security layer detected an error in the protocol stream and has disconnected the client. Client IP: XXX.XXX.XXX.XXX Sometimes I see IPs here that I don't believe should have…
turkinator
1 vote, 1 answer

Repeated security questions after remote key has changed

I reinstalled one of my machines and gave it new ssh keys, which should yield warnings when I connect to it from a machine I have connected from earlier. First I get the big warning that the remote host identification has changed, it shows me the…
MattBianco
1 vote, 2 answers

PCI DSS 3.0 and card swipe terminals for our merchants

We run an online software service that collects and transmits card transactions for small merchants. They use card swipe terminals connected to their business PCs that direct the traffic straight through to our secure portal via HTTPS with two…
Skelter
1 vote, 0 answers

Is there such a thing as "parameterized terminal commands"?

Long ago, I used to do SQL queries like: SELECT * FROM table WHERE id = ' . attempt_to_escape($_GET['id']) . ' ORDER BY timestamp DESC LIMIT 1; This was horribly scary and I probably messed it up by using/not using quotes or not checking the…
1 vote, 0 answers

Metasploit wmap_run -e freezes on auxiliary/scanner/http/brute_dirs module, returns 404

I am trying to run a wmap scan on a web app locally on my Mac. But when wmap reached File/Dir testing, more specifically the brute force module, it does not show anything for path (even though the path was defined, as it works for the other modules)…
1 vote, 0 answers

Does `cat -v` provide adequate protection against control character injection and other similar attacks?

I need to cat an untrusted file on a remote server. I'm doing this by logging in with SSH. There are known risks related to cat-ing untrusted files. See here. The cat -v option can be used to encode non-printing characters: -v, --show-nonprinting …
1 vote, 1 answer

Does it make sense to check command integrity after running it as root?

The other day Dave was hurrying for his project at night. He wanted to install homebrew on his Mac. He typed "homebrew" in Safari search bar, pressed return, and clicked into the first link. He copied the command on the webpage, pasted it into the…
tonychow0929
1 vote, 0 answers

What does it mean to "run a command in memory"?

If I open a terminal and use the following commands, are they "run in memory"? $ curl -s http://website.com/file.py | python - & $ command=$(curl -s http://website.com/file.py); $(echo $command | python - &) (I'm not sure that second example will…
user189912
1 vote, 1 answer

Alternative forms for special characters in terminal

I was solving a problem on a popular hacking for fun website, when I got the following idea: Is it possible to represent - for example a '/' (just the slash) in the terminal (Linux) in another way - for example hexadecimal: example: cd /etc/ as cd %2F…
OcK
1 vote, 1 answer

Is there a way to ask cracklib-check to go through a list of passwords?

I know cracklib-check can be used to check individual password, like - $ echo "12345" | /usr/sbin/cracklib-check 12345: it is too short If not wanting to be super-user as on Debian it requires to be superuser/root. The other way is of course to be…
shirish
1 vote, 1 answer

Why Microsoft leaves known security flaws?

There is a very well-known security flaw in Microsoft Windows: you simply boot a Linux OS from a flash drive, e.g. Kali Linux, and just replace a cmd file with the sethc file, and you can prompt cmd with administrator rights on the lock screen of Windows by…
1 vote, 0 answers

How to launch Kali Linux installer inside live version

I need to know how I can launch the Kali Linux installer through the terminal, please. Running the latest version of Kali Linux on a live USB. Trouble booting with UEFI and so forth, so I need to know how to launch the installer so I can install on my hard…