zlacker

[parent] [thread] 3 comments
1. michae+(OP)[view] [source] 2018-07-29 02:46:39
On the evading detection side, one other simple way to avoid this is to add sponge[0] between curl and bash in the pipeline, i.e. curl ... | sponge | bash. sponge consumes all input until EOF before outputting anything, stopping bash from executing a partially downloaded script.

[0] https://linux.die.net/man/1/sponge

replies(2): >>skunkw+x2 >>andrew+D8
2. skunkw+x2[view] [source] 2018-07-29 03:37:14
>>michae+(OP)
If you're on a Mac or a system that doesn't have sponge installed by default, use moreutils to install.

https://joeyh.name/code/moreutils/ https://rentes.github.io/unix/utilities/2015/07/27/moreutils...

replies(1): >>mehrda+l5
3. mehrda+l5[view] [source] [discussion] 2018-07-29 04:46:35
>>skunkw+x2
Thanks, this is helpful!
4. andrew+D8[view] [source] 2018-07-29 06:08:05
>>michae+(OP)
Just curl it to tee or redirect to a file and you know it won't change before you execute the script file.

There's nothing stopping somebody from even more trivially just sending each IP a benign script once (per curl user agent) and a malicious script the second time. Putting it in a file and executing the file brings it entirely into your domain of control.
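An added example (not code from any poster) that shows the difference between the `curl ... | bash` pattern and the buffer-then-execute approaches from the first and last comments. `flaky_download` is a constructed stand-in for `curl` that streams half a script and then fails; `sh` stands in for `bash` (both execute a piped script as it arrives).

```shell
#!/bin/sh
# Constructed stand-in for "curl URL": emits one complete command, then a
# second command cut off mid-token, then exits non-zero (a dropped connection,
# the way curl -f reports a failed transfer).
flaky_download() {
    printf 'echo first-command-ran\n'
    printf 'ec'          # "echo second-command" truncated
    return 22
}

# Pattern 1: pipe straight into the shell. The shell executes each line as it
# is read, so the first command has already run by the time the transfer
# fails. Returns the number of commands that actually executed.
run_streamed() {
    flaky_download | sh 2>/dev/null | grep -c 'first-command-ran'
}

# Pattern 2: download to a file first (this is the buffering that
# "| sponge |" provides), and execute only if the transfer itself
# succeeded. sponge alone would still hand a truncated script to the shell
# at EOF, so the exit-status check is what prevents execution here.
# Returns the number of commands that executed.
run_buffered() {
    tmp=$(mktemp) || return 1
    if flaky_download > "$tmp"; then
        sh "$tmp" 2>/dev/null | grep -c 'first-command-ran'
    else
        echo 0           # transfer failed: nothing was executed
    fi
    rm -f "$tmp"
}

# Usage when run as a script:
# run_streamed   -> 1 (partial script executed)
# run_buffered   -> 0 (nothing executed)
```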
