I'm exercising with DVWA high level command injection. I know there is a hole for |, but I'm looking for a way to get an output like the following:
root#vwksOffensive:~# ping -c 4 10.0.0.1 ; ls
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
--- 10.0.0.1 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3066ms
a a_post Documenti Immagini Modelli Musica pocl rockyou.txt Scrivania WebScarab.properties
Add b hash JavaSnoop.properties mtu plain Pubblici Scaricati Video
root#vwksOffensive:~#
starting from
<<<printf "[ping ip argument] \u003B the_command_I_choose"
My problem is that can do this:
root#vwksOffensive:~# ping -c 4 <<<printf "10.0.0.1"
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
--- 10.0.0.1 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3055ms
root#vwksOffensive:~#
but I'm not able to do this:
root#vwksOffensive:~# ping -c 4 <<<printf "10.0.0.1 \u003b ls"
PING 10.0.0.1 \u003b ls (10.0.0.1) 56(84) bytes of data.
--- 10.0.0.1 \u003b ls ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3075ms
root#vwksOffensive:~#
and not even this:
root#vwksOffensive:~# ping -c 4 <<<printf "10.0.0.1 ; ls"
PING 10.0.0.1 ; ls (10.0.0.1) 56(84) bytes of data.
--- 10.0.0.1 ; ls ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3075ms
root#vwksOffensive:~#
I searched deeply and the most similar, if it could be said so, is the first answer to this question:
How to make a bash function which can read from standard input?
Unfortunately, this did not help me completely, so I decided to post here my question because I'm sure that, in my ignorance, I'm missing something.
The solution must contain the char ; or any other needed special char coded in unicode. The forbidden, substituted with blank, char are the following:
$substitutions = array(
'&' => '',
';' => '',
'| ' => '',
'-' => '',
'$' => '',
'(' => '',
')' => '',
'`' => '',
'||' => '',
);
if the "command you choose" is in a variable like this:
mycmd="ls -l"
then you can wrap your command and other commands in a sub-shell surrounded by this: ( )
The output for the sub-shell can be re-directed into any other command that you want. e.g. tail, grep, > $log, etc.
The ip addresses that you want to send ping can also be in a variable name:
myip=10.0.0.1
(ping $myip ; $mycmd ) > logfile.txt
It is not clear why you would want to send it in with <<< instead of directly on the command line. If you must use <<<, then still try wrapping the commands in () parenthesis and put a carriage return after the <<< 10.0.0..
and the "ls -l". The parenthesis will tell bash that the command is not done until the closing parenthesis is seen. The carriage return will stop the <<< from consuming the next command.
Related
This question already has answers here:
How to compare strings in Bash
(12 answers)
Closed 2 years ago.
Ok I need help figuring out why this code doesn't work, I've listed my problem below the code.
#!/bin/bash
if [ "$1" == "" ]
then
echo "You forgot an IP adress!"
echo "Syntax: ./ipsweep.sh xxx.xxx.x"
else
for ip in `seq 1 254`; do
ping -c 1 $1.$ip | grep "64 bytes" | cut -d " " -f 4 | tr -d ":" &
done
fi
now when I run the command ./ipsweeper.sh the program still runs even though the input is nothing. Please help can't see where it fails.
This:
if [ "$1" == "" ]
should be changed to:
if [ -z "$1" ]
-z is true if the string is zero length.
== is used with [[ ]] while = is used with [ ].
You can read more about bash string comparison in How to Compare Strings in Bash.
You can also check for...
pingit(){
ping -c1 ${1}
}
if [ ${#} -gt 0 ]
then
pingit ${1}
fi
...the number of arguments. Then you can source it without argument or use it with argument...
# . pingit.sh
# pingit localhost
PING localhost(localhost (::1)) 56 data bytes
64 bytes from localhost (::1): icmp_seq=1 ttl=64 time=0.058 ms
--- localhost ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.058/0.058/0.058/0.000 ms
# sh pingit.sh localhost
PING localhost(localhost (::1)) 56 data bytes
64 bytes from localhost (::1): icmp_seq=1 ttl=64 time=0.031 ms
--- localhost ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.031/0.031/0.031/0.000 ms
host.txt:
www.google.com
test.sh:
#!/usr/bin/env bash
while IFS=$'\n' read -r line; do
echo $line
echo "#1"
ping -c 1 $line
line2="www.google.com"
echo "#2"
ping -c 1 $line2
done < $hostfile
exit 0
output:
> test.sh
www.google.com
#1
ping: unknown host www.google.com
#2
PING www.google.com (74.125.206.147) 56(84) bytes of data.
64 bytes from wk-in-f147.1e100.net (74.125.206.147): icmp_seq=1 ttl=46 time=22.1 ms
--- www.google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 22.111/22.111/22.111/0.000 ms
Could someone tell why first ping failed?
Thanks.
Possibly your txt file contains CRLF line endings
and bash actually tried to ping www.google.com^M name.
I am using this script to check a list of ips I own to see if they are on the spam block list.
auto.sh:
while read ip ; do
./blacklist.sh $ip
done < block.txt
blacklist.sh is the above linked script.
block.txt lists each of my ips one line at a time (I have several /22).
A typical output of a blocked ip scan looks like this:
Warning: PTR lookup failed
b.barracudacentral.org : 127.0.0.2
bb.barracudacentral.org : 127.0.0.2
black.junkemailfilter.com : 127.0.0.2
cbl.abuseat.org : 127.0.0.2
cidr.bl.mcafee.com : 127.0.0.4
dnsbl.justspam.org : 127.0.0.2
hostkarma.junkemailfilter.com : 127.0.0.2
----------------------------------------------------------
Results for <my ip>
Tested: 117
Passed: 110
Invalid: 0
Blacklisted: 7
----------------------------------------------------------
what I want to do is have the script spit out output to a file when the text above doesn't say "Blacklisted: 0".
I am not sure how to approach this, will this work?
sudo ./auto.sh "conditions where Blacklisted: is > 0" >> 12.txt
Thanks for any help
Put the output in a temporary file and
then check its content:
./auto.sh > 12_temp.txt
grep -q 'Blacklisted:[ \t]*0$' 12_temp.txt || cat 12_temp.txt >> 12.txt
rm -f 12_temp.txt
I'm trying to filter ping stats in windows command line using pipe. What I want is to get the 'time' of each ping.
"ping -n 1 -w 1000 " + ip
prints
Pinging 216.52.241.254 with 32 bytes of data:
Reply from 216.52.241.254: bytes=32 time=82ms TTL=240
Ping statistics for 216.52.241.254:
Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 82ms, Maximum = 82ms, Average = 82ms
The output I'm looking for from that would just be 82.
and my attempt with findstr "ping -n 1 -w 1000 " + ip + ' | findstr time=[0-9]*' prints:
Reply from 216.52.241.254: bytes=32 time=83ms TTL=240
The output should just be 83 this time.
I've tried using grep ?("time=")[0-9]*ms but on top of that line probably not being right I don't think windows grep includes conditionals
For example, in Windows 7 output of command
ping -n 1 ::1
is following:
Pinging ::1 with 32 bytes of data:
Reply from ::1: time<1ms
Ping statistics for ::1:
Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Is it possible to get output without Ping statistics (without the last four lines in this case or without two lines in case if destination host is unreachable)?
Maybe using this command:
ping -n 1 ::1 | find "string to search"
The currently accepted answer would filter out 'Request timed out' errors. Instead, use findstr /B R, which only outputs lines that start with R:
ping -n 1 ::1 | findstr /B R