Today burst a bash rce loophole, powerful. Look at the analysis of foreigners, feel the need to write their own understanding of this loophole.
First, the problem results from a command env.
Prototype:
env [OPTION] ... [Name=value] ... [COMMAND [ARGS] ...]
That's what man says:
Display, set, or remove environment variables,run a command in a modified environment.
My understanding is that using the key=value of the ENV command will first change th
In fact, after editing the bash script, you can use the Bash-n-X two options for script checking, not necessarily to run the program when the need to modify the script.Bash not only has the meaning of running scripts.No news is good news.I'm going to modify the original script a little bit.The-n effect I can not demonstrate now, before it is possible to directly point out the syntax errorThis is the effect
Bash script exercises and bash scripts
Exercise 1:
1. Add five users, user1,..., user5;
2. The password of each user is the same as the user name. After the password is added, the command execution result is not displayed;
3. After each user is added, it must be displayed that the user has been added successfully.
Useradd user1
Echo "user1" | passwd -- stdin user1 >/dev/null
Echo "User1 added ."
C
Bash metacharacters (upper) and bash characters
Metacharacters
Function
Example
Carriage return line feed
End a command
Space
Split elements in a command line
Ls/etc
Tab
Command auto-completion
#
Start a line of comment
# This is a comment line
"
Multiple characters referenced but allowed to be replaced
"$ File". ba
Bash internal variable, Bash variable
Bash internal variables
Some internal commands are invisible in the directory list. They are provided by the Shell itself. Common internal Commands include echo, eval, execexport, readonly, read, shift, wait, exit and point (.)
Echo variable table
Display the specified variable in the variable table to the standard output.
Ev
Bash remote code execution vulnerabilities are really much more powerful than heart drops, but the impact is not very broad, but yesterday's analysis of the article bash The Remote Code execution vulnerability analysis at the end of this paper mentions the bulk problem of the vulnerability.
One of the easiest ways to do this is to use the search engine's hacking technology, where I use the Google hacking sy
Wildcard characters in Bash (wildcard)*: Any character of any length.?: any single character []: Match range [^]: Exclude Match range [: alnum:] [: Alpha:] [: Blank:] [: cntrl:][:d Igit:] [: Graph:] [: Lower:] [:p rint:][ :p UNCT:] [: Space:] [: Upper:] [: xdigit:]Regular expressions.: Indicates matching any single character. *: Indicates that matches the preceding character any time, including 0 times. *: represents any character that matches any len
Learning bash notes-debugging shell programs and learning bash shell
In shell, the simplest debugging assistant outputs the echo statement. Many echo statements can be put into the code for debugging, but it takes enough time to locate
The information to view. You may need to output a lot to find the information you want to search.1. the most basic set-o Command Options are set-o Command Options. These opti
Location parameters$0, $1, $2, etc. .. (note that when the number of parameters is greater than 9, you should reference $ {10}, ${11 }...)Location parameter, which is passed to the script from the command line, to the function, or to a variable.Example:
#! /Bin/bash
#./Test. Sh first second third
Output:
First parameter first
$0 =./test. Sh
When the number of parameters is greater than 9:
#! /Bin/bash
#./
Telnet is unavailable !!! Tip:-bash: telnet: command not found, telnet-bashI. Check1. [root @ localhost ~] # TelnetBash: telnet: command not found2. Check whether the Telnet package is installed. The result is as follows:[Root @ localhost ~] # Rpm-qa telnet *Telnet-server-0.17-47.el6.i6863. query the xinetd status again:[Root @ localhost ~] # Service xinetd statusXinetd (pid 2967) is running...4. Run the ntsysv command to enable the Telnet service. Yo
Why can't we find the command bash: Is: the command-Linux general technology-Linux technology and application information Is not found. The following Is a detailed description. Example
To install the software today, first download a tz package and check how to install it online. The result Is half installed. When the make command Is used, the file does not exist and then the Is command Is used, the result is as follows:
Jun @ jun-laptop :~ $ Is
= ' egrep--color=auto ' 2>/dev/null/etc/profile.d/colorgrep.sh:7:alias fgrep= ' fgrep--color=auto ' 2>/dev/null/etc/profile.d/which2.csh:5:# alias which ' Alias | /usr/bin/which--tty-only--read-alias--show-dot--show-tilde '/etc/profile.d/which2.sh:4:alias Which= ' Alias | /usr/bin/which--tty-only--read-alias--show-dot--show-tilde '=================================part2Built-in Commands bash built-in commandsMany kinds ofFirst: Bash's own features see
sorting string values
Lc_type
Determines how characters are interpreted when file name expansion and pattern matching
Lc_messages
Language environment variable that determines the double-quote string that interprets the pre-dollar ($) character
Lineno
The line number currently executing in the script
LINES
Defines the number of rows visible on the terminal
MACHTYPE
System types defined in the "cpu-Com
http://tldp.org/LDP/abs/html/Advanced Bash Scripting Programming GuideAn in-depth exploration of scripting language artThis tutorial does not assume previous scripting or programming knowledge, but progresses quickly toward an intermediate/advanced level of instruction ... has been secretly in the small unix® wisdom and knowledge. It acts as a textbook, a handbook, self-taught, and as a source of reference and knowledge, Shell's scripting technology.
ArticleDirectory
Detailed description of inux bash built-in commands
Detailed description of inux bash built-in commands
A.m. I want to comment on the famous Electronic Industry Press (0) font size: T | T
Solaris 10 System Management chapter 1 Solaris 10 scheduling system tasks. This chapter introduces the shell built-in commands and Unix Command list of Solaris 10. Due to the limited len
commands,Hisfilesize defines the maximum history file size,The Histcontrol definition ignores leading spaces,Histingore defines a command that does not need to be stored, where ignoredups ignores duplicate rows, Ignorespace ignores lines with leading spaces, Ignoreboth ignores bothHistfile Defining History filesShell all parameters $* [email protected] the latter is separate, remember to use double quotation marks, otherwise read into the parameters are still separated by a space to pass to the
Basic syntax for BASH
The simplest example of--hello world!
About input, output, and error outputs
Rules for variables in BASH (similarities and differences with C language)
Basic Process Control syntax in BASH
Use of functions
2.1 Simplest example of--hello world!Almost all of the first examples of programming books to readers are t
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.