Tag Archives: bash

Remove duplicates without sorting file

Posted on by

Usually whenever we have to remove duplicate entries from a file, we do a sort of the entries and then eliminate the duplicates using “uniq” command.

But if we have to remove the duplicates and preserve the same order of occurrence of the entries, here is the way:

via UNIX Command Line: Remove duplicates without sorting file – BASH.

$ awk ‘ !x[$0]++’ file3

From: Unix: removing duplicate lines without sorting

This command is simply telling awk which lines to print. The variable $0 holds the entire contents of a line and square brackets are array access. So, for each line of the file, the node of the array named x is incremented and the line printed if the content of that node was not (!) previously set.

Shellshock: How does it actually work?

Posted on by

env x='() { :;}; echo OOPS' bash -c :
The “env” command runs a command with a given variable set. In this case, we’re setting “x” to something that looks like a function. The function is just a single “:”, which is actually a simple command which is defined as doing nothing. But then, after the semi-colon which signals the end of the function definition, there’s an echo command. That’s not supposed to be there, but there’s nothing stopping us from doing it.

via Shellshock: How does it actually work? | Fedora Magazine.

But — oops! When that new shell starts up and reads the environment, it gets to the “x” variable, and since it looks like a function, it evaluates it. The function definition is harmlessly loaded — and then our malicious payload is triggered too. So, if you run the above on a vulnerable system, you’ll get “OOPS” printed back at you. Or, an attacker could do a lot worse than just print things.

I copied and pasted the above env command and it echos back OOPS.  This web server has been (I suspect) scanned already once with the scanner placing a ping command in the User Agent HTTP field.  Apparently User Agent gets passed to a shell environmental variable which will then get executed.  The only problem is that they need some kind of script to execute which there are none on this site.  This site simply returned 404, file not found to the scanner.

This could be problematic on sites with a lot of cgi scripts.  There is some exploit that can affect a client using dhcp to obtain an IP address from a malicious server.  I’ll find an explanation of that and put that up in its own post.   This story is evolving and even has its own brand name now — shellshock.

Flurry of Scans Hint That Bash Vulnerability Could Already Be In the Wild

Posted on by

What is it? A vulnerability in a command interpreter found on the vast majority of Linux and UNIX systems, including web servers, development machines, routers, firewalls, etc. The vulnerability could allow an anonymous attacker to execute arbitrary commands remotely, and to obtain the results of these commands via their browser. The security community has nicknamed the vulnerability “shellshock” since it affects computer command interpreters known as shells.

via Flurry of Scans Hint That Bash Vulnerability Could Already Be In the Wild – Slashdot.

This is a very confusing issue.  I found the above comment to be the most informative right now as this issue unfolds.

How bad could it be? Very, very bad. The vulnerability may exist on the vast majority of Linux and UNIX systems shipped over the last 20 years, including web servers, development machines, routers, firewalls, other network appliances, printers, Mac OSX computers, Android phones, and possibly iPhones (note: It has yet to be established that smartphones are affected, but given that Android and iOS are variants of Linus and UNIX, respectively, it would be premature to exclude them). Furthermore, many such systems have web-based administrative interfaces: While many of these machines do not provide a “web server” in the sense of a server providing content of interest to the casual or “normal” user, many do provide web-based interfaces for diagnotics and administration. Any such system that provides dynamic content using system utilities may be vulnerable.