Bash 101 Hacks Pdf 11
Melva Simons
When you work with computers all day, it's fantastic to find repeatable commands and tag them for easy use later on. They all sit there, tucked away in /.bashrc (or /.zshrc for Zsh users), waiting to help improve your day!
The record of recent commands is stored by default in /.bash_history. This location can be changed by modifying the HISTFILE shell variable. There are other variables, such as HISTSIZE (lines to store in memory for the current session) and HISTFILESIZE (how many lines to keep in the history file). If you want to know more about history, see man bash.
Valentin is a system engineer with more than six years of experience in networking, storage, high-performing clusters, and automation.He is involved in different open source projects like bash, Fedora, Ceph, FreeBSD and is a member of Red Hat Accelerators. More about me
If you are a traditional programmer, using bash for scripting may seem limiting sometimes, but for certain tasks, bash can be very productive. It turns out, some of the limits of bash are really limits of older shells and people code to that to be compatible. Still other perceived issues are because some of the advanced functions in bash are arcane or confusing.
However, the traditional chsh approach does not work here because the university techs have disabled that as a startup shell. But, I can invoke bash by just calling bash from my terminal. So, I've developed a small hack that enables my current shell csh to start bash automatically by modifying my /.cshrc file so that it calls bash from it. The thing is, I wish to set it up in such way that when I exit my bash session, I want it to close it's parent csh session as well. How can I do that?
We start by entering the shebang or #!. This tells the operating system that whatever follows the shebang is the interpreter we want to use for our script. We then follow the shebang with /bin/bash indicating that we want the operating system to use the BASH shell interpreter.
It really depends upon the platform you decide to use. If you use a virtual machine, I recommend 8gb of RAM, but it will run on 4gb. Most of the hacks are not CPU intensive and BT/Kali only use about 3gb of hard drive.
this annoying guy again, but I really need help here. I made this script to simplify cloning AP's and stuff, but through the script I need to return to some lines (GOTO would be nice in bash...) so I had to use functions to return to. However, when I specify a function at the start of a script it doesn't automatically start, cuz when i do sh eviltwin.sh it just stays there blank. However if I remove the setup function line it executes normally. Do you know how to automatically run functions as the code progresses. Thank you. Here's a pic
while $HOME is user1 home, sudo -u user2 rbash -- will cd me to my home $HOME/jail. in a restricted shell, and PATH is set to $HOME/jail, i have tested all possible commands that i can use to escape jail, i almost left nothing, so i can tell that $HOME/jail is empty directory!
The only solution for the bash bug? If and when a patch becomes available, update every device you have. But that's something that's not likely. Companies don't often update their fleet of devices, and customers rarely pay attention for that sort of thing.
Lots of Internet-connected devices use the bash shell to run commands, like "turn on" and "turn off." Generally, a device that communicates using a bash shell also looks for extra information, like what browser or device you're using.
Various flavors of Linux have the bash command "source"somewhere in a profile--sometimes in the premade/home/username/.profile and other times in /etc/profile. (Dependingupon the distro, this might be /etc/profiles, /etc/.profile or/etc/profile.env) If this is the case, you will get an annoyingerror every time you log in, to the effect that the source commandis not found. The ksh equivalent is exec. (A period with a spaceafter it will also work.) So, find out where the source command isand change it. It'll usually be something like
You'll note that it's looking for .bashrc. You can change thatto read .kshrc and change the word source to exec, comment out theline, or whatever. Even if you leave it alone, things will work,but I'm anal and hate seeing error messages if I can fix them.
One can choose to set -o emacs or set -o vi. Most bash users arefamiliar with what this means. The default bash (and many othershells) option is emacs mode, where simple command line editing ispossible using emacs style keystrokes. Using vi mode uses vi stylekeystrokes. However, even many vi users use emacs mode for thecommand line.
All these YouTubers posted full videos of their hacks on their own channels as well. You can watch all the videos below, or follow the links to visit them on YouTube and subscribe. Note that the numbers below correspond with their positions in my roundup video above.
On Wednesday of last week, details of the Shellshock bash bug emerged. This bug started a scramble to patch computers, servers, routers, firewalls, and other computing appliances using vulnerable versions of bash.
Shellshock occurs when the variables are passed into the shell called "bash". Bash is a common shell used on Linux systems. Web servers quite often need to run other programs to respond to a request, and it's common that these variables are passed into bash or another shell.
If that variable gets passed into bash by the web server, the Shellshock problem occurs. This is because bash has special rules for handling a variable starting with () :; ;. Rather than treating the variable HTTP_USER_AGENT as a sequence of characters with no special meaning, bash will interpret it as a command that needs to be executed (I've omitted the deeply technical explanations of why () :; ; makes bash behave like this for the sake of clarity in this essay.)
The latter is interesting because it highlights the fact that Shellshock isn't just an attack on web sites: it's an attack on anything that's running bash and accessible across the Internet. That could include hardware devices, set-top boxes, laptop computers, even, perhaps, telephones.
InfoWorld playswith the Bash Bunny, a USB device for attacking computers."It can run anything a regular Debian Linux distro can run, such asPython scripts or common Linux commands. To infiltrate other computingdevices, Bash Bunny can fake its identity as a trusted media device,networking device, keyboard, or other serial device. For example, it canload itself as a keyboard device and mimic keystrokes. You can downloaddozens of existing payload scripts, create your own, or ask questions in afairly active user forum." (Log in to post comments) Bash Bunny: Big hacks come in tiny packages (InfoWorld) Posted Apr 25, 2017 18:03 UTC (Tue) by Gollum (guest, #25237) [Link]
A lot of people have seem interested in porting things like this to my Tomu board ( ) which fits *inside* your USB port but nobody has actually submitted code yet. The Tomu board is obviously a lot more restrictive environment than a full Linux ARM PC running Python, but it is a lot smaller and constructible by a hobbist. My offer from LCA2017 to send anyone who submits a pull requests a device is still open if you (or anyone else) wanted to have a go...
Bash Bunny: Big hacks come in tiny packages (InfoWorld) Posted Apr 26, 2017 6:14 UTC (Wed) by Gollum (guest, #25237) [Link]
The big difference between the Tomu and e.g. the USaBUSe hardware (or WHID boards, etc) is the presence of a wireless interface (wifi in both of the above cases). This allows the attacker to do things like trigger their attack at a time of their choosing, as well as establishing a full comms channel from their platform to the victim.
These parts contain an RF interface, which could be utilised for this purpose, though ( ). I don't imagine they would be a drop in replacement, as you would still need antenna, etc circuitry.
Bash Bunny: Big hacks come in tiny packages (InfoWorld) Posted Apr 26, 2017 6:35 UTC (Wed) by mithro (subscriber, #50469) [Link]
With Xobs' Grainuum USB stack ( ) it should be really possible to do something like you are suggesting using parts similar to the linked one while retaining USB functionality and not breaking the bank.
I have been pondering trying to do a Tomu version which also supports the NFC and Bluetooth protocols that FIDO supports but I have way too many projects already :-)
Bash Bunny: Big hacks come in tiny packages (InfoWorld) Posted Apr 26, 2017 8:27 UTC (Wed) by sdalley (subscriber, #18550) [Link]
I haven't tried that with the screen locked, but I'm not aware of anything in Fedora (what I use) that would stop NetworkManager from doing all of that in the background.
Bash Bunny: Big hacks come in tiny packages (InfoWorld) Posted Apr 27, 2017 20:49 UTC (Thu) by Gollum (guest, #25237) [Link]
USaBUSe has a mouse jiggler built in that periodically moves the mouse 1 pixel back and forth. While this seems to be below the threshold to disturb (i.e. wake up) an active screensaver (on windows), it is enough to prevent one from activating if the user simply walks away, expecting the screensaver to kick in.
And in fact, the Linux version of USaBUSe (i.e. using the Linux OTG drivers, etc) can type out a full payload and be off the screen in around 4 seconds, and completely invisible in 8. This doesn't even require the user to have left his PC, rather just to have looked away, for example to have a conversation with someone at his desk.
And of course, implementing other USB classes can get you somewhere, for example, a network interface leads towards a PoisonTap style attack. Implementing a serial port/modem may result in Network Manager trying to dial out, giving login credentials for the remote endpoint to the attacker (unlikely, I admit, but hypothetically possible). Implementing a sound card could result in audio being sent to the attacker (so he could figure out what music you are listening to, whoop! Perhaps a conference call, though?)
Of the above, PoisonTap is most noteworthy. My point in mentioning the others is to highlight that the operating system (or desktop environment, or whatever) often automatically reacts to a new device being available, and starts to use it in some way. Generally, the assumption is that the user has plugged it in, and so this is a reasonable result. However, if the device is malicious, starting to interact with it may lead to undesirable consequences.
And maybe the answer is just to be a little less helpful when new devices are connected.
Bash Bunny: Big hacks come in tiny packages (InfoWorld) Posted May 3, 2017 17:10 UTC (Wed) by MaMe82 (guest, #115434) [Link]