These days attackers get a reverse shell via ICMP or some such and don't even generate a bash history, so it doesn't really matter that bash with readline lets a user selectively keep commands out of bash_history.
Try this:
- get a bash shell
- type a command; maybe: zookie
- close the bash shell
- get a bash shell
- press the up arrow, there is your command, nicely in bash history.
- close the bash shell
Now try this:
- get a bash shell
- type a command, maybe: secret-command
- press the up-arrow
- ^U (or lots of backspace) to delete the command
- type a new command but don’t press enter, maybe: mundane-command
- press down-arrow
- press enter
Now if you press up-arrow you will see mundane-command instead of secret-command. If you quit the shell and get a new shell, your command history shows mundane-command, which you did NOT execute, instead of secret-command, which you DID execute.
Interesting
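Since bash_history can end up recording a command that never ran, it cannot serve as an audit trail by itself. The script below is an added example, not part of the original post: it reconciles a history file against an independent execution record and reports the mismatches. The function names, the one-command-line-per-line export format of the execution record, and both sample inputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: reconcile bash history against an independent exec record.

# Constructed sample: history file contents after the second procedure above.
sample_history() {
cat <<'EOF'
zookie
mundane-command
EOF
}

# Constructed sample: what actually ran, one command line per line
# (assumed export format from the host's process-execution auditing).
sample_exec_log() {
cat <<'EOF'
zookie
secret-command
EOF
}

# reconcile HISTORY_FILE EXEC_FILE
# Multiset comparison: each history entry must be matched by one execution.
# Prints "IN_HISTORY_NOT_RAN<TAB>cmd" and "RAN_NOT_IN_HISTORY<TAB>cmd", sorted.
reconcile() {
    awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }   # trim whitespace
        $0 == "" { next }                            # ignore blank lines
        FILENAME == ARGV[1] {
            # Skip "#<epoch>" lines bash writes when HISTTIMEFORMAT is set.
            if ($0 !~ /^#[0-9]+$/) hist[$0]++
            next
        }
        { if (hist[$0] > 0) hist[$0]--; else print "RAN_NOT_IN_HISTORY\t" $0 }
        END {
            for (c in hist)
                for (i = 0; i < hist[c]; i++) print "IN_HISTORY_NOT_RAN\t" c
        }
    ' "$1" "$2" | sort
}

# Run the comparison on the constructed samples.
demo() {
    dir=$(mktemp -d) || return 1
    sample_history > "$dir/history"
    sample_exec_log > "$dir/exec"
    reconcile "$dir/history" "$dir/exec"
    rm -rf "$dir"
}

demo
```

Shell builtins such as cd never produce an execution event, so on real data they show up as IN_HISTORY_NOT_RAN and need to be filtered before treating that label as a sign of tampering.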