UPWORK/ODESK guru: Tips and Tricks for clients

skype: odesk.by / upwork.link , email: info@odesk.by/upwork.link

Archive for the ‘Bash’ Category

Bash: CVE-2014-6271 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 CVE-2014-6277

without comments

Test of problems with CVE-2014-7186 и CVE-2014-7187:

Read the rest of this entry »

Written by spectre

September 29th, 2014 at 9:20 am

Posted in Bash

Remote Code Exploitation through Bash

without comments

http://www.infoq.com/news/2014/09/bash-remote-exploit
https://www.digitalocean.com/community/tutorials/how-to-protect-your-server-against-the-shellshock-bash-vulnerability
http://www.pcweek.ru/foss/blog/foss/6963.php
https://launchpad.net/ubuntu/+source/bash/4.3-7ubuntu1.2
https://launchpad.net/ubuntu/+source/bash/4.3-7ubuntu1.3

nodeX:~ # env VAR='() { :; }; echo Bash is vulnerable!' bash -c "echo Bash Test"
Bash Test
nodeX:~ # ssh nodeY
nodeY:~ # env VAR='() { :; }; echo Bash is vulnerable!' bash -c "echo Bash Test"
Bash is vulnerable!
Bash Test
nodeY:~ # 

http://shellshock.brandonpotter.com/
http://www.shellshocktest.com/
http://bashsmash.ccsir.org/

if you have some old / EOL release:

mkdir src
cd src
wget http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz
#download all patches
for i in $(seq -f "%03g" 0 25); do wget     http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-$i; done
tar zxvf bash-4.3.tar.gz 
cd bash-4.3
#apply all patches
for i in $(seq -f "%03g" 0 25);do patch -p0 < ../bash43-$i; done
#build and install
./configure && make && make install
cd .. 
cd ..
rm -r src

Written by spectre

September 26th, 2014 at 10:46 pm

Posted in Bash

BASH: while read line <<< $variable

without comments

How can you read from variable with ‘while read line’? This can save you disk writes.
You can write:

while IFS= read -r line
do
    echo "$line"
done < << "$the_list"

Read the rest of this entry »

Written by spectre

June 4th, 2013 at 8:56 pm

Posted in Bash,Tips and Tricks