”The archive contains a file with a crafted filename embedding a Base64-encoded Bash command. This filename, when processed by common shell operations like `ls`, `find`, or `eval`, triggers automatic execution without requiring user interaction or executable permissions.” What filename results in execution on `ls`? https://blog.polyswarm.io/vshell-linux-backdoor
-
@Kugg Sounds like it needs a poorly written script using it for that to happen unless I'm severely off on my "living off the land" skill set.
-
@troed ”Malicious filename remains dormant until handled by a shell script or command.
Simply extracting the archive does not trigger execution.
Execution occurs only when a script or command (e.g., for f in *, echo $f, eval, printf, or logging utilities) expands or evaluates the filename.” https://www.trellix.com/blogs/research/the-silent-fileless-threat-of-vshell/
-
@troed Checks notes … ok, I’ll go home and add some quotes on my shell scripts asap. I’m so old I have learnt and forgotten about this trick twice.
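
Added example, not part of the thread or of either linked report: a POSIX sh illustration of the quoting fix mentioned in the last reply, which treats filenames strictly as data and flags names that would be dangerous if a script ever re-parsed them. The function names `is_risky_name`, `log_name` and `scan_dir` and all sample filenames are constructed for illustration.

```shell
#!/bin/sh
# Added example; every filename below is constructed for illustration.

NL='
'

# Return 0 if a name contains characters a shell would act on if the name
# were ever re-parsed as shell code (eval, sh -c "... $f").
is_risky_name() {
    case $1 in
        *'$('* | *'`'* | *';'* | *'|'* | *'&'* | *'<'* | *'>'* | *'{'* | *"$NL"*)
            return 0 ;;
    esac
    return 1
}

# Log a name as data: it is a quoted argument, never part of the format
# string and never passed to eval.
log_name() {
    printf 'processing: %s\n' "$1"
}

# List risky names in directory $1. The glob result is used quoted, so no
# word splitting or second round of expansion happens.
scan_dir() {
    for f in "$1"/*; do
        [ -e "$f" ] || continue      # unmatched glob stays literal
        name=${f##*/}
        if is_risky_name "$name"; then
            printf 'RISKY: %s\n' "$name"
        fi
    done
}

# Demo on a scratch directory.
demo=$(mktemp -d)
: > "$demo/report.txt"
: > "$demo/two words.txt"
: > "$demo/"'note_$(echo constructed).txt'
for f in "$demo"/*; do log_name "${f##*/}"; done
scan_dir "$demo"
rm -rf "$demo"
```
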