Questions tagged [bash-scripting]
Bash is a "Unix shell": a command-line interface for interacting with the operating system. It is widely available, being the default shell on many GNU/Linux distributions and on Mac OSX, with ports existing for many other systems. It was intended as a free software alternative to the Bourne shell, and it incorporates all features of that shell, as well as new features such as integer arithmetic and job control.
14 questions
5votes
3answers
1kviews
Are these bash lines (handling untrusted user input) vulnerable to command injection?
If $1 contains untrusted user input for example $(whoami). Are any of the following bash examples vulnerable to command injection? I'm having issues clearly understanding this behavior in Bash. Also, ...
- 7,657
0votes
0answers
295views
how to exploit read -p in bash script
i wanna execute ls command inplace of the output being "your name is ls" is there a way to do it ? read -p "name??" name echo "your name is $name"
-1votes
1answer
129views
How i can grep only subdomain names without "target.com" [closed]
i have w wordlist of subdomains contains like this : admin.bugbountytarget.com portal.bugbountytarget.com sales.bugbountytarget.com vpn1.bugbountytarget.com dev.test.bugbountytarget.com ... And I ...
1vote
1answer
111views
macapps.link - possible attack vector - could you pipe through some security script
I asked this at https://apple.stackexchange.com/questions/445343/macapps-link-possible-attack-vector-could-you-pipe-through-some-security-scr but I think this would be more appropriate place. A work ...
- 113
0votes
1answer
1kviews
BASH vs SH (dash, etc.) in terms of security [closed]
Since I am new to Linux, when writing scripts I always followed the rule "the less code, the less attack surface", so I try to write scripts with privileged access (sudo, root, etc.) in sh ...
- 725
0votes
1answer
247views
Creating a unique password for each device/unit of the same product
We are currently working on an IoT product & having a hard time coming up with a strategy to create a unique password for each device/unit. I do understand that password based on a function of { ...
0votes
1answer
369views
Is it normal for shell scripts to contain binary data?
I ask because I've been looking into Miniconda (https://repo.anaconda.com/miniconda/Miniconda3-py39_4.9.2-Linux-x86_64.sh), and the installation shell script has TONS of binary data starting at line ...
2votes
2answers
3kviews
Are positional parameters vulnerable to command injection?
I am trying to find if the following shell script is vulnerable to command injection #!/bin/sh set -x dig +noall +answer TXT $2._domainkey.$1 Now when I try something like this, sh script.sh "...
- 183
1vote
1answer
368views
Learn Bash or Powershell for Security Work? [closed]
Is Bash more commonly used in security work than PowerShell? If so, why? (Now that Powershell can be used on Linux) I tried to Google around for an answer on this, and the only questions we seem to ...
- 523
1vote
1answer
496views
sudo systemctl running a webserver a security risk?
On linux ami the only way to easily run systemctl for my server is by running sudo systemctl start node In the service: /etc/systemd/system/node.service sudo seems to be mandatory for the 'enable',...
- 211
2votes
0answers
2kviews
Shell scripts scanning tools
It has become common trend to use shell scripts from the web and directly run them: bash <(curl -sL some.random.website.com) I always view the script before running them. However, shell scripts ...
- 221
0votes
0answers
694views
Linux curl SH script broken unless I specify TLS version
I was going to post this on a different SE site, but I found that explicitly stating --tlsv1.1 to curl fixed the problem, for now. My question now relates to security. A vendor switched to FTPS (not ...
- 123
3votes
2answers
701views
Are alphanumeric strings safe to pass to a bash script?
I'm currently developing a web service that takes user input and passes it to a bash script as an argument. I know that without sanitizing this allows for remote command execution. So I want to know ...
- 211
1vote
0answers
134views
For creating tools, Bash, Perl or Python? Which should I invest my time in to? [closed]
Having trouble choosing between the three, I would of course love to learn all three in the future, but right now I'm curious as to which language would be the most beneficial to me. Also, I'm aware ...
- 325
