Różnice
Różnice między wybraną wersją a wersją aktualną.
Poprzednia rewizja po obu stronach Poprzednia wersja Nowa wersja | Poprzednia wersja | ||
linux:bash [2014/10/28 09:16] – flamenco | linux:bash [2022/05/22 10:38] (aktualna) – edycja zewnętrzna 127.0.0.1 | ||
---|---|---|---|
Linia 1: | Linia 1: | ||
====== BASH i okolice ====== | ====== BASH i okolice ====== | ||
- | ===== Kolorowanie tekstu w terminalu ===== | + | ===== Kolorowanie tekstu w terminalu |
Here is some more detail on the awesome tput command suggested in Ignacio' | Here is some more detail on the awesome tput command suggested in Ignacio' | ||
==== Colour commands ==== | ==== Colour commands ==== | ||
< | < | ||
- | tput setab [1-7] # Set the background colour using ANSI escape | + | # Set the background colour using ANSI escape |
- | tput setaf [1-7] # Set the foreground colour using ANSI escape | + | tput setab [1-7] |
+ | # Set the foreground colour using ANSI escape | ||
+ | tput setaf [1-7] | ||
</ | </ | ||
Colours are as follows: | Colours are as follows: | ||
Linia 21: | Linia 24: | ||
7 white | 7 white | ||
</ | </ | ||
- | There are also non-ANSI versions of the colour setting functions (setb instead of setab, and setf instead of setaf) which use different numbers, not given here. | + | There are also non-ANSI versions of the colour setting functions ('' |
==== Text mode commands ==== | ==== Text mode commands ==== | ||
Linia 60: | Linia 63: | ||
tput bel # play a bell | tput bel # play a bell | ||
</ | </ | ||
- | With compiz wobbly windows, the bel command makes the terminal wobble for a second to draw the user's attention. | + | With [[https:// |
==== Example usage ==== | ==== Example usage ==== | ||
Linia 68: | Linia 71: | ||
Looks like this on my Ubuntu terminal: | Looks like this on my Ubuntu terminal: | ||
- | '' | ||
{{: | {{: | ||
- | Screenshot of colour terminal text | ||
- | Use command sgr 0 to reset the colour at the end. | ||
- | Performing multiple operations | + | Use command '' |
- | tput accepts scripts containing one command per line, which are executed in order before tput exits. | + | ==== Performing multiple operations at once ==== |
- | Avoid temporary files by echoing a multiline string and piping it: | ||
+ | '' | ||
+ | |||
+ | Avoid temporary files by echoing a multiline string and piping it: | ||
+ | < | ||
echo -e "setf 7\nsetb 1" | tput -S # set fg white and bg red | echo -e "setf 7\nsetb 1" | tput -S # set fg white and bg red | ||
- | See also | + | </ |
+ | ==== See also ==== | ||
+ | |||
+ | * See '' | ||
+ | * See '' | ||
+ | |||
+ | ===== Backup bashem ===== | ||
+ | |||
+ | http:// | ||
+ | |||
+ | |||
+ | |||
+ | ===== Ciekawostki ===== | ||
+ | |||
+ | ==== Federico Bento '' | ||
+ | |||
+ | |||
+ | So recently i've encountered a post by Kurt Seifried of RedHat on oss-sec' | ||
+ | |||
+ | This is a little misleading title, since escape sequences have been introduced circa 70's, so it's actually not that new. | ||
+ | |||
+ | How it technically works: | ||
+ | |||
+ | A terminal escape sequence is a special sequence of characters that is printed (like any other text). | ||
+ | |||
+ | If the terminal understands the sequence, it won't display the character-sequence, | ||
+ | |||
+ | While some people might already know what i'm going to present you, the majority I believe doesn' | ||
+ | |||
+ | <code bash> | ||
+ | $ printf '# | ||
+ | doing something very nice!\n' | ||
+ | $ chmod +x backdoor.sh | ||
+ | $ cat backdoor.sh | ||
+ | # | ||
+ | echo doing something very nice! | ||
+ | $ ./ | ||
+ | doing something evil! | ||
+ | </ | ||
+ | |||
+ | As you can see, our beloved '' | ||
+ | interprets escape sequences. | ||
+ | |||
+ | <code bash> | ||
+ | $ head backdoor.sh | ||
+ | # | ||
+ | echo doing something very nice! | ||
+ | |||
+ | $ tail backdoor.sh | ||
+ | # | ||
+ | echo doing something very nice! | ||
+ | |||
+ | $ more backdoor.sh | ||
+ | # | ||
+ | echo doing something very nice! | ||
+ | </ | ||
+ | |||
+ | It's not over yet! | ||
+ | |||
+ | <code bash> | ||
+ | $ curl 127.0.0.1/ | ||
+ | # | ||
+ | echo doing something very nice! | ||
+ | |||
+ | $ wget -qO - 127.0.0.1/ | ||
+ | # | ||
+ | echo doing something very nice! | ||
+ | </ | ||
+ | |||
+ | But if we pipe it into a shell... | ||
+ | |||
+ | <code bash> | ||
+ | $ curl -s 127.0.0.1/ | ||
+ | doing something evil! | ||
+ | |||
+ | $ wget -qO - 127.0.0.1/ | ||
+ | doing something evil! | ||
+ | </ | ||
+ | |||
+ | You might be thinking //"If I opened that in my browser, I would detect it being malicious!"// | ||
+ | |||
+ | Well, think again... | ||
+ | |||
+ | One can have all sorts of fun with user-agents, | ||
+ | |||
+ | I wouldn' | ||
+ | |||
+ | I wouldn' | ||
+ | |||
+ | It's no secret, most of us rely on '' | ||
+ | |||
+ | Here's another example with a '' | ||
+ | |||
+ | <code c> | ||
+ | $ printf '# | ||
+ | something evil\\n" | ||
+ | much... */ | ||
+ | 0; | ||
+ | $ cat nice.c | ||
+ | #include < | ||
+ | |||
+ | int main() | ||
+ | { | ||
+ | /* This simple program doesnt do much... */ | ||
+ | printf(" | ||
+ | return 0; | ||
+ | } | ||
+ | </ | ||
+ | <code bash> | ||
+ | $ gcc nice.c | ||
+ | $ ./a.out | ||
+ | doing something evil | ||
+ | doing something very nice | ||
+ | </ | ||
+ | |||
+ | '' | ||
+ | |||
+ | Going back to the first example, imagine I have a '' | ||
+ | |||
+ | <code bash> | ||
+ | $ cat backdoor.sh #evil file | ||
+ | # | ||
+ | echo doing something very nice! | ||
+ | |||
+ | $ cat legit.sh #actually echoes doing something very nice! | ||
+ | # | ||
+ | echo doing something very nice! | ||
+ | |||
+ | |||
+ | $ diff -Naur backdoor.sh legit.sh | ||
+ | --- backdoor.sh 2015-09-17 16: | ||
+ | +++ legit.sh 2015-09-17 16: | ||
+ | @@ -1,4 +1,2 @@ | ||
+ | # | ||
+ | -echo doing something very nice! | ||
+ | +echo doing something very nice! | ||
+ | |||
+ | $ diff -Naur backdoor.sh legit.sh > file.patch | ||
+ | $ patch legit.sh -R file.patch | ||
+ | $ chmod +x legit.sh | ||
+ | $ ./ | ||
+ | doing something evil! | ||
+ | </ | ||
+ | |||
+ | === Hint: === | ||
+ | '' | ||
+ | |||
+ | |||
+ | s/ | ||
- | See man 1 tput | ||
- | See man 5 terminfo for the complete list of commands and more details on these options. (The corresponding tput command is listed in the Cap-name column of the huge table that starts at line 81.) |