Links32
Tag cloud
Picture wall
Daily
RSS Feed
  • RSS Feed
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filters

Links per page

  • 20 links
  • 50 links
  • 100 links

Filters

Untagged links
    Type 1 or more characters for results.
    page 2 / 2
    28 results tagged Bash  ✕
    Borg - Pour trouver des snippets directement depuis votre terminal (macOS / Linux) - Korben https://korben.info/borg-trouver-snippets-directement-terminal-macos-linux.html
    Tue Feb 28 12:59:32 2017 archive.org
    thumbnail

    Version WEB :

    https://ok-b.org/

    #Command:

     borg "get my ip"
     wget (link) github.com/ok-borg/borg/releases/download/v0.0.1/borg_linux_amd64 -O /usr/local/bin/borg
      chmod 755 /usr/local/bin/borg
    linux bash snippet
    TronScript – Pour remettre en état un PC Windows en souffrance « http://korben.info/tronscript-pour-remettre-en-etat-un-pc-windows-en-souffrance.html
    Thu Feb 4 14:35:32 2016 archive.org
    thumbnail
    windows tools cleaning bash
    Learn Application Security | Codebashing https://www.codebashing.com/
    Mon Jan 11 11:43:30 2016 archive.org
    thumbnail

    codebashing

    code bash codebashing help aide
    Debian -- Details of package checkinstall in jessie https://packages.debian.org/jessie/checkinstall
    Mon Dec 28 12:09:35 2015 archive.org

    checkinstall debian bash script apt

    checkinstall debian bash script
    du with colored bar graph | commandlinefu.com http://www.commandlinefu.com/commands/view/14682/du-with-colored-bar-graph#comment
    Mon Sep 14 06:58:52 2015 archive.org
    commandeline shell bash linux
    bash http://www.echosystem.fr/UpFile/Dp.png
    Thu Oct 16 16:33:04 2014 archive.org
    bash
    shellshocker https://shellshocker.net/
    Mon Sep 29 11:36:14 2014 archive.org
    thumbnail

    shellshocker
    What is #shellshock?

    Shellshock (CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187) is a vulnerability in GNU's bash shell that gives attackers access to run remote commands on a vulnerable system. If your system has not updated bash in since Tue Sep 30 2014: 1:32PM EST (See patch history), you're most definitely vulnerable and have been since first boot. This security vulnerability affects versions 1.14 (released in 1994) to the most recent version 4.3 according to NVD.

    You can use this website to test if your system is vulnerable, and also learn how to patch the vulnerability so you are no longer at risk for attack.

    You can test if a system is vulnerable by using the form below. Just provide a http or https url and test away!
    Url

    Please test responsibly. All tests details are logged. Do not test against websites that you do not have permission to test against. All data is archived in case of abuse.

    Here is an example script that is vulnerable. Place this in your /cgi-bin/shockme.cgi and try hitting it with the shock tester.

    !/bin/bash

    echo "Content-type: text/html"
    echo ""
    echo "https://shellshocker.net/"

    Last updated Friday September 26th at 4:43PM EST: This website tester will now wait for a valid response before returning the state of the vulnerability. If the server responds with a 500 we assume you're vulnerable and we display the response immediately without waiting. If we get any other response code we will wait 3 seconds for a reply from your server and display if you're vulnerable or not.
    Testing Your System

    To test your system, you can simply run this one liner below to find if you're vulnerable.

    curl https://shellshocker.net/shellshock_test.sh | bash

    You can view the source of shellshock_test.sh on GitHub.

    If you want to test each exploit individually without running the script above, feel free! They are listed below.
    Exploit 1 (CVE-2014-6271)

    There are a few different ways to test if your system is vulnerable to shellshock. Try running the following command in a shell.

    env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

    If you see "vulnerable" you need to update bash. Otherwise, you should be good to go.
    Exploit 2 (CVE-2014-7169)

    Even after upgrading bash you may still be vulnerable to this exploit. Try running the following code.

    env X='() { (shellshocker.net)=>\' bash -c "echo date"; cat echo; rm ./echo

    If the above command outputs the current date (it may also show errors), you are still vulnerable.
    Exploit 3 (???)

    Here is another variation of the exploit. Please leave a comment below if you know the CVE of this exploit.

    env X=' () { }; echo hello' bash -c 'date'

    If the above command outputs "hello", you are vulnerable.
    Exploit 4 (CVE-2014-7186)

    bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' ||
    echo "CVE-2014-7186 vulnerable, redir_stack"

    A vulnerable system will echo the text "CVE-2014-7186 vulnerable, redir_stack".
    Exploit 5 (CVE-2014-7187)

    (for x in {1..200} ; do echo "for x$x in ; do :"; done; for x in {1..200} ; do echo done ; done) | bash ||
    echo "CVE-2014-7187 vulnerable, word_lineno"

    A vulnerable system will echo the text "CVE-2014-7187 vulnerable, word_lineno".
    Exploit 6 (CVE-2014-6278)

    shellshocker='() { echo You are vulnerable; }' bash -c shellshocker

    You shouldn't see "You are vulnerable", if you're patched you will see "bash: shellshocker: command not found"
    Exploit 7 (CVE-2014-6277)

    bash -c "f() { x() { ;}; x() { ;} <<a; }" 2>/dev/null || echo vulnerable

    If the command outputs "vulnerable", you are vulnerable.

    If you've tested your system, please leave a comment below. Don't forget to include your bash version and what OS you're running. Type bash --version for bash, and cat /etc/release for your OS.

    shellshocker unix linix vulnerability hack security Bash
    GNU bash Environment Variable Command Injection (MSF) http://www.exploit-db.com/exploits/34777/
    Thu Sep 25 18:17:27 2014 archive.org
    thumbnail

    GNU bash Environment Variable Command Injection (MSF)

    GNU bash Environment Variable Command Injection
    page 2 / 2
    1583 links, including 7 private
    Shaarli - The personal, minimalist, super-fast, database free, bookmarking service by the Shaarli community - Theme by kalvn