Questions tagged [bash-scripting]
Bash is a "Unix shell": a command-line interface for interacting with the operating system. It is widely available, being the default shell on many GNU/Linux distributions and on Mac OSX, with ports existing for many other systems. It was intended as a free software alternative to the Bourne shell, and it incorporates all features of that shell, as well as new features such as integer arithmetic and job control.
15 questions
0
votes
2
answers
62
views
Are the stream editing coreutils secure against malicious standard in?
Standard scripting utilities such as sed, tr, grep, cat (etc.) can process a stream via standard in and transform it according to some arguments, outputting to STDOUT. I wonder if there are any attack ...
- 657
5
votes
3
answers
1k
views
Are these bash lines (handling untrusted user input) vulnerable to command injection?
If $1 contains untrusted user input for example $(whoami). Are any of the following bash examples vulnerable to command injection?
I'm having issues clearly understanding this behavior in Bash. Also, ...
- 7,715
0
votes
0
answers
323
views
how to exploit read -p in bash script
i wanna execute ls command inplace of the output being "your name is ls"
is there a way to do it ?
read -p "name??" name
echo "your name is $name"
-1
votes
1
answer
163
views
How i can grep only subdomain names without "target.com" [closed]
i have w wordlist of subdomains contains like this :
admin.bugbountytarget.com
portal.bugbountytarget.com
sales.bugbountytarget.com
vpn1.bugbountytarget.com
dev.test.bugbountytarget.com
...
And I ...
1
vote
1
answer
146
views
macapps.link - possible attack vector - could you pipe through some security script
I asked this at https://apple.stackexchange.com/questions/445343/macapps-link-possible-attack-vector-could-you-pipe-through-some-security-scr but I think this would be more appropriate place.
A work ...
- 113
0
votes
1
answer
1k
views
BASH vs SH (dash, etc.) in terms of security [closed]
Since I am new to Linux, when writing scripts I always followed the rule "the less code, the less attack surface", so I try to write scripts with privileged access (sudo, root, etc.) in sh ...
- 735
0
votes
1
answer
290
views
Creating a unique password for each device/unit of the same product
We are currently working on an IoT product & having a hard time coming up with a strategy to create a unique password for each device/unit.
I do understand that password based on a function of { ...
0
votes
1
answer
435
views
Is it normal for shell scripts to contain binary data?
I ask because I've been looking into Miniconda (https://repo.anaconda.com/miniconda/Miniconda3-py39_4.9.2-Linux-x86_64.sh), and the installation shell script has TONS of binary data starting at line ...
- 3
2
votes
2
answers
3k
views
Are positional parameters vulnerable to command injection?
I am trying to find if the following shell script is vulnerable to command injection
#!/bin/sh
set -x
dig +noall +answer TXT $2._domainkey.$1
Now when I try something like this,
sh script.sh "...
- 183
1
vote
1
answer
399
views
Learn Bash or Powershell for Security Work? [closed]
Is Bash more commonly used in security work than PowerShell? If so, why? (Now that Powershell can be used on Linux)
I tried to Google around for an answer on this, and the only questions we seem to ...
- 523
1
vote
1
answer
548
views
sudo systemctl running a webserver a security risk?
On linux ami the only way to easily run systemctl for my server is by running
sudo systemctl start node
In the service:
/etc/systemd/system/node.service
sudo seems to be mandatory for the 'enable',...
- 211
3
votes
0
answers
2k
views
Shell scripts scanning tools
It has become common trend to use shell scripts from the web and directly run them:
bash <(curl -sL some.random.website.com)
I always view the script before running them. However, shell scripts ...
- 241
0
votes
0
answers
723
views
Linux curl SH script broken unless I specify TLS version
I was going to post this on a different SE site, but I found that explicitly stating --tlsv1.1 to curl fixed the problem, for now. My question now relates to security.
A vendor switched to FTPS (not ...
- 123
3
votes
2
answers
751
views
Are alphanumeric strings safe to pass to a bash script?
I'm currently developing a web service that takes user input and passes it to a bash script as an argument.
I know that without sanitizing this allows for remote command execution. So I want to know ...
- 211
1
vote
0
answers
147
views
For creating tools, Bash, Perl or Python? Which should I invest my time in to? [closed]
Having trouble choosing between the three, I would of course love to learn all three in the future, but right now I'm curious as to which language would be the most beneficial to me.
Also, I'm aware ...
- 325