Questions tagged [bash]

The Bourne-again shell (Bash) is a Unix shell. It lets the user run commands on the host machine through a text-based program. Questions using this tag should be related either to vulnerabilities of Bash or to the proper use of specific commands.

159 questions
7 votes, 3 answers

SH Write a file with contents without any special chars

So, I've got a challenge and it's as follows. You can access a normal shell (sh) on a clean RHEL 6 installation. Write arbitrary content to file.txt, but without the following characters. # & \ + - % @ = : ; , . ' " ^ ` ~ _ | ! / ? * $ # < > [ ] { }…
5 votes, 2 answers

Is my shell prompt visible to the public?

Let's say my local system's shell prompt is in this format: myname@mysurname:~$ Is it logged on some server when I log in there via SSH/FTP? Or is it completely private information?
Onsur
1 vote, 0 answers

.bash_history, where else might commands be stored in a Linux system?

How can I find all places where commands are stored in plain text in the system? I would disable the logging or restrict access to it. Is it a security risk for a system if an attacker gets access to all previously executed commands?
brkroot
0 votes, 1 answer

Bash attack. Am I vulnerable?

Someone, today, appears to have tried to attack my VPS. I checked my logs and saw this: 54.251.83.67 - - [26/Sep/2014:17:07:02 -0400] "GET / HTTP/1.1" 200 1437 "-" "() { :;}; /bin/bash -c \"echo testing9123123\"; /bin/uname -a" Am I vulnerable? If…
Chris Burton
0 votes, 2 answers

In some situations, can it be dangerous to echo a command (e.g. rm -rf *) using a script?

If I have a script which under some conditions just does echo "rm -rf *", can it be exploited in some way? EDIT: the goal is to write an enumeration script which will eventually suggest a command to execute to privilege escalate. So rm -rf is not the…
Maicake
-2 votes, 1 answer

How to test the bash CVE-2014-6271?

Question: How do I know that I am affected or not by the bash CVE-2014-6271? I just have to simply run a command on the server? $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test" vulnerable this is a test $ Not using it via SSH and…
-7 votes, 1 answer

Can someone shut the "198.101.206.138" and "89.207.135.125" down?

egrep "};|}\s*;" /var/www/logs/access* 89.207.135.125 - - [25/Sep/2014:10:47:58 +0200] "GET /cgi-sys/defaultwebpage.cgi HTTP/1.0" 404 168 "-" "() { :;}; /bin/ping -c 1 198.101.206.138" How can we shut down the server behind the IP that did this?