bash: --dbs command not found & others [duplicate] - bash

This question already has answers here:
When to wrap quotes around a shell variable?
(5 answers)
Closed 6 years ago.
I am doing some pentests against one of my websites that is currently being built (a school project), and I am trying to make sure its security is at its best.
(Yes, I do have the correct parameters and the site is vulnerable to SQL injection.)
It does continue its scan but it will then ask the [y/n] and I choose [y] and it just stops and doesn't scan. I've tried doing a fresh clone of sqlmap and that didn't work.
Anything that can help would be appreciated.
root#kali:~# sqlmap -u http://myschoolproject.com/ --dbs
[1] 1372
bash: --dbs: command not found
(It will scan until asked a [y/n])
it looks like the back-end DBMS is 'MySQL'. Do you want to skip test payloads specific for other DBMSes? [Y/n] y
[1]+ Stopped sqlmap -u http://myschoolproject.com/

That sounds like you have an & in there. In bash, foo & bar runs the command foo in the background and bar in the foreground.
So if your URL actually looks like http://myschoolproject.com/index.php?cat=4&attr=95,76, that command is interpreted as
sqlmap -u http://myschoolproject.com/index.php?cat=4 &
attr=95,76 --dbs
The first command runs sqlmap in the background (with a truncated URL); this explains the [1] 1372 part (that's what bash shows when starting a background process). The second command runs --dbs in the foreground (with attr set to 95,76 in the environment); this explains the bash: --dbs: command not found error.
In any case, the solution is to quote the URL with single quotes:
sqlmap -u 'http://myschoolproject.com/index.php?cat=4&attr=95,76' --dbs
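To see exactly where the shell cuts the line and to quote such a URL reliably from a script, here is an added example that is not part of the original answer. show_args, shell_quote and parse_as_typed are helper names chosen for this illustration.

```sh
#!/bin/sh
# Added example (not from the original answer): why an unquoted '&' splits a
# command line, and a portable way to quote an arbitrary string so that the
# shell passes it through as a single word.

# show_args prints each argument it received in brackets, one per line,
# so it is obvious where the shell cut the command line.
show_args() { printf '[%s]\n' "$@"; }

# shell_quote wraps a string in single quotes, turning every embedded single
# quote into '\'' (close quote, escaped quote, reopen quote). The result is
# safe to paste at an interactive prompt or to pass to eval.
shell_quote() {
    s=$1
    out=""
    while :; do
        case $s in
            *\'*)
                head=${s%%\'*}        # text before the next single quote
                s=${s#*\'}            # remainder after it
                out="$out$head'\\''"
                ;;
            *)
                out="$out$s"
                break
                ;;
        esac
    done
    printf "'%s'" "$out"
}

# parse_as_typed re-parses a line the way the shell does when it is typed
# literally, then waits for any background job that an '&' may have started.
parse_as_typed() {
    eval "$1" || :
    wait
}

url='http://myschoolproject.com/index.php?cat=4&attr=95,76'

# Unquoted: '&' ends the first command, so show_args gets only "...?cat=4"
# (in the background) and "attr=95,76 --dbs" runs as a second command,
# which fails with "--dbs: not found" on stderr.
parse_as_typed "show_args $url --dbs"

# Quoted: the whole URL and --dbs arrive as two ordinary arguments.
parse_as_typed "show_args $(shell_quote "$url") --dbs"
```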


Unable to run xdotool commands from within a bash script [duplicate]

This question already has answers here:
How do I set a variable to the output of a command in Bash?
(15 answers)
Closed 11 months ago.
I've recently been having some trouble with xdotool and bash scripting. I've dipped my toes into making my Linux install look a little bit nicer, and so I decided to have a bash script open up a window upon login to my DE displaying htop. I have managed to automate the process of opening the window, but I am unable to move the window because I cannot get the proper window ID, as the terminal reports this:
./htop.sh: line 5: search: command not found
Obviously "htop" is the name of the file and "search" is the command I am trying to run to get the window id. Also, to provide some context to this with my code:
#!/bin/bash
# displays 'htop' in the bottom right corner of the screen
xfce4-terminal --hide-borders --hide-toolbar --hide-menubar --title=HTOP --command="bash -c 'clear;htop;$SHELL'" &
WINDOWID=xdotool search --name "HTOP" &
xdotool windowmove $WINDOWID 4526 850 &
Anyway, whenever I run the line
xdotool search --name "HTOP" # HTOP is the title of the terminal window I open
within my terminal, everything works just fine, and as long as the window that the script opens is actually open, it spits out the window ID that I need to further perform the "windowmove" command. So I guess my question is: is this just a bug of xdotool that you cannot perform the functions from within a bash script? Or did I just mess up my syntax somewhere?
WINDOWID=xdotool search --name "HTOP" &
What you are doing here is assigning the string "xdotool" to the variable $WINDOWID.
As the string is followed by a space, your shell interprets everything after the space as a separate command.
If you want to assign the output of a command to a variable you can do that like this:
WINDOWID=$(xdotool search --name "HTOP")
Or by using the deprecated way with backticks:
WINDOWID=`xdotool search --name "HTOP"`
Also note that it makes no sense to run the commands in your script in background (&). Each command relies on the previous to produce a correct result, so what you actually want to do is run them in series, meaning without the trailing &.

Bash - Command substituting $(ping google.com) outputs to terminal [duplicate]

This question already has answers here:
How to store standard error in a variable
(20 answers)
Closed 12 months ago.
I've been writing a script whose weird behavior's been driving me nuts, but I've managed to find what might be the problem: command substituting like this
out="$(ping google.com)"
if done while the internet isn't available, outputs this to the terminal
ping: google.com: Temporary failure in name resolution
even though, from my understanding, the command being substituted is run in a subshell, and so the output of the command should not go to stdout, but only be passed as the value of the variable. In fact, if done while the internet is available, the command substitution outputs nothing to the terminal, as expected.
I'm not sure if this is what's causing problems in my script, because I'm running a slightly more elaborate command (out="$(timeout 5 ping google.com | grep -c failure)"), but my theory is that something weird is happening that messes up later operations with variables and substitutions.
Why is this happening? And why does it only happen when the ping command fails to reach google.com? Thank you for your time.
The output is not going to stdout, it's going to stderr, and is printed to the terminal directly. Use out="$(ping google.com 2>&1)" to get all the output (stderr and stdout) in your out variable, or consider using exit codes for your command.
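As an added example that is not part of either answer, here is how to assign a command's output with $(...) (the point of the xdotool answer above) while keeping stderr and the exit status separate (the point of this one). fake_ping_offline and fake_ping_online are constructed stand-ins for ping so the script runs offline; capture and reachable are names chosen for this illustration.

```sh
#!/bin/sh
# Added example (not from the original answers): capture a command's stdout,
# stderr and exit status separately instead of letting stderr leak to the
# terminal or grepping the output text for the word "failure".

# capture runs "$@" and stores its stdout in CAP_OUT, its stderr in CAP_ERR
# and its exit status in CAP_RC. Unlike 2>&1, the two streams stay separate.
# The && / || form keeps the status even when the caller has set -e.
capture() {
    errfile=$(mktemp) || return 1
    CAP_OUT=$("$@" 2>"$errfile") && CAP_RC=0 || CAP_RC=$?
    CAP_ERR=$(cat "$errfile")
    rm -f "$errfile"
}

# Constructed stand-in for "ping google.com" while offline: it writes the
# resolver error to stderr and fails, like the real command in the question.
fake_ping_offline() {
    echo 'ping: google.com: Temporary failure in name resolution' >&2
    return 2
}

# Constructed stand-in for the online case: output on stdout, success status
# (192.0.2.1 is a documentation address, not a real host).
fake_ping_online() {
    echo '64 bytes from 192.0.2.1: icmp_seq=1 ttl=115 time=12.3 ms'
    return 0
}

# reachable decides from the exit status, not from the text, so wording or
# locale changes in the error message cannot break the script's logic.
reachable() {
    capture "$@"
    [ "$CAP_RC" -eq 0 ]
}

if reachable fake_ping_online; then echo "online: $CAP_OUT"; fi
if ! reachable fake_ping_offline; then echo "offline (rc=$CAP_RC): $CAP_ERR"; fi
```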

Docker command line arguments with values, when to use space vs when to use equals sign [duplicate]

This question already has an answer here:
Equals vs space ("-o=value" vs "-o value") in *nix command line programs - best practices? [closed]
(1 answer)
Closed 4 years ago.
I'm using the Docker command line interface. I've found out (by trying it) that I can add arguments with values both like this:
$ docker build -t foo/bar .
And like this:
$ docker build -t=foo/bar .
Both have the same result.
However, I can't seem to find in the docs which version is preferred (or deprecated). I also haven't found explicit mentioning of both forms, just implicit examples of both forms.
For example:
In the Docker documentation I see
Boolean options take the form -d=false.
A little later I see:
$ docker run -i -t --name test busybox sh
And below that I see:
Options like --name="" expect a string, and they can only be specified
once. Options like -c=0 expect an integer, and they can only be
specified once.
In another part of the docs I see:
$ docker run --name my-redis -d redis
So both forms are used and (I suspect) valid.
Is this true? Does it make a difference which form I use?
Using a space instead of = is the more UNIX way of passing values to command line arguments.
However, = can be used to be more descriptive when writing the command.

How do I send commands to the ADB shell directly from my app?

I want to send commands in the ADB shell itself as if I had done the following in cmd.
>adb shell
shell#:/ <command>
I am using python 3.4 on a windows 7 OS 64bit machine. I can send one-line shell commands simply using subprocess.getoutput such as:
subprocess.getoutput ('adb pull /storage/sdcard0/file.txt')
as long as the adb commands themselves are recognized by ADB specifically, such as pull and push. However, there are other commands such as grep that need to be run IN the shell, like above, since they are not recognized by adb. For example, the following line will not work:
subprocess.getoutput ('adb shell ls -l | grep ...')
To enter the commands in the shell I thought I needed some kind of expect library, as that is what 'everyone' suggests; however pexpect, wexpect, and winexpect all failed to work. They were written for Python 2, and after being ported to Python 3 and my going through the .py files by hand, even those tweaked for Windows, nothing was working, each of them for different reasons.
How can I send the input I want to the adb shell directly?
If none of the already recommended shortcuts work for you, you can still go the 'regular' way, using subprocess.Popen to enter commands in the adb shell:
import subprocess
import time
from subprocess import PIPE

cmd1 = 'adb shell'
cmd2 = 'ls -l | grep ...'
# Start an interactive adb shell with its stdin connected to a pipe
p = subprocess.Popen(cmd1.split(), stdin=PIPE)
time.sleep(1)
# Write the command plus a newline, as if it had been typed at the prompt
p.stdin.write(cmd2.encode('utf-8'))
p.stdin.write('\n'.encode('utf-8'))
p.stdin.flush()
time.sleep(3)
p.kill()
Some things to remember:
Even though you import subprocess, you still need to invoke subprocess.Popen.
Sending cmd1 as a string or as items in a list should work too, but '.split()' does the trick and is easier on the eyes.
Since you only specified that you want to enter input to the shell, you only need stdin=PIPE. stdout would only be necessary if you wanted to receive output from the shell.
time.sleep(1) isn't really necessary; however, since many complained about input issues being faster or slower in Python 2 vs 3, consider maybe using it. 'They' might have been using versions of 'expect' that need the shell's reply first. This code also worked when I tested it with simply swapping out and in the process with time.sleep(0).
stdin.write will return an error if the input is not encoded properly. Python's default is unicode. Entering by binary did not work for me in my tests, like this "b\ls ...", but .encode() worked. Don't forget the endline!
If you use .encode() there is a worry that the line might not get sent properly, so to be sure it might be good to include a flush().
time.sleep(3) is completely unnecessary, but if your command takes a long time to execute (e.g. a recursive search through the entire device piped out to a txt file on the memory card) maybe give it some extra time before killing anything.
Remember to kill. If you didn't kill it, the pipe may remain open, and even after exiting the test app on the console the next command still went to the shell even though the prompt appeared to be my regular cmd prompt.
Amichai, I have to start with pointing out that your own "solution" is pretty awful. And your explanation makes it even worse. Doing all those unnecessary things just because you do not understand how shell (here I mean your PC's OS shell, not adb) command parsing works.
When all you needed was just this one command:
subprocess.check_output(['adb', 'shell', 'ls /storage/sdcard0 | grep ...']).decode('utf-8')

OSX Malicious Terminal Command (colon, brackets, curly brackets, ampersand, etc) [duplicate]

This question already has answers here:
The Bash command :(){ :|:& };: will spawn processes to kernel death. Can you explain the syntax?
(4 answers)
Closed 8 years ago.
Ok, so someone "challenged" me to enter this into my OSX Terminal, but I have no idea what it would do:
WARNING to the reader: the following line can be harmful; do NOT enter it unless you know what you are doing:
:(){ :|:& };:
Any ideas?
It's a fork bomb. Don't do it. (Actually, as GB pointed out quickly, the copy here started out as a broken fork bomb. It was missing its final colon.) Still, if someone says, "Try this command" while snickering, and you don't know what it does, common sense says...
Edit: The one you have here is pretty famous as a work of art by Jaromil, a digital artist.
Breaking down the command so it's actually understandable:
:()      # Define new function named ':'
{        # Begin function definition block
  :|:&   # Pipe the very ':' function through itself, creating two
         # processes, and make the resulting copy run in the background
         # (the & part)
}        # End function definition block
;:       # Call ':' for the first time, initiating a chain reaction:
         # each instance of ':' will create two more instances, ad infinitum
Then again, from my experience Mac OS X happens to have a per-user limit for the number of processes one can execute, so unless you actually have the guts to run the fork bomb under a sudo -s or sudo -i shell, you should be fine.
It does nothing harmful, since Mac OS X has a (per-user) upper bound for number of processes.
Absolutely nothing. It's an incomplete version of the "fork bomb", missing a colon at the end.
Fork bomb!
I mean... fun bomb! Give it a try inside a virtual machine.
On properly configured systems it doesn't do much harm; you should be able to try it.