"Detecting the use of "curl | bash" server side" (as opposed to curl & save to a file).
Now this is some very clever, and scary, stuff. It's possible to detect if a request is being piped directly into or just saved to a file. You can use this to send a different file (& commands!) only when it's going straight into bash.

idontplaydarts.com/2016/04/det

@ebel the scariest part is this is two-year-old news, and yet nothing has changed.

Nobody really cares. 😞

@ebel Neat! I really wonder if this has even been exploited in the wild so far.

@nikola In theory, it would be hard to detect unless you know about it, because you'd always presume it'd be the same....

Even detecting it would be hard, cause you'd have to simulate a bash shell, but not get hacked yourself. Some weird VM trickery would be needed....

@ebel
$DEITY! You could use that to do some very evil shit.

@ebel minimally you should curl to file and verify checksums anyway

better yet, don't run random stuff people post on the Internet :)
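
The "curl to file and verify checksums" workflow suggested above, as an added example that is not part of the original thread. The function names are hypothetical, and the expected digest is assumed to come from a channel other than the server that serves the script.

```shell
#!/usr/bin/env bash
# Added example: save first, verify, then run the exact bytes that were hashed.
# Nothing is streamed into a shell, so the server cannot tell this download
# apart from a plain "curl -o file".

# Print the SHA-256 of a file (sha256sum on Linux, shasum on macOS/BSD).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Return 0 only if the file's digest equals the expected one; 2 on I/O errors.
verify_script() {
    local file="$1" expected="$2" actual
    [ -f "$file" ] || return 2
    actual="$(sha256_of "$file")" || return 2
    # Compare case-insensitively; published digests are sometimes uppercase.
    [ "$(printf '%s' "$actual" | tr 'A-F' 'a-f')" = \
      "$(printf '%s' "$expected" | tr 'A-F' 'a-f')" ]
}

# Download to a temp file, verify it, and only then execute that same file.
fetch_verify_run() {
    local url="$1" expected="$2" tmp rc
    tmp="$(mktemp)" || return 2
    if ! curl --fail --silent --show-error --location \
              --proto '=https' --proto-redir '=https' -o "$tmp" "$url"; then
        rm -f "$tmp"; return 2
    fi
    if verify_script "$tmp" "$expected"; then
        bash "$tmp"; rc=$?
    else
        echo "checksum mismatch for $url, refusing to run" >&2; rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}
```

Called as `fetch_verify_run <url> <expected-sha256>`, it executes the saved file rather than fetching the URL a second time, so the bytes that run are the bytes that were hashed.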
