"Detecting the use of "curl | bash" server side" (as opposed to curl & save to a file).
Now this is some very clever, and scary, stuff. It's possible to detect if a #HTTPS request is being piped directly into #bash or just saved to a file. You can use this to send a different file (& commands!) only when it's going straight into bash.
@ebel Oh my.
@ebel the scariest part is this is two-year-old news, and yet nothing has changed.
Nobody really cares. 😞
@ebel Neat! I really wonder if this has even been exploited in the wild so far.
@nikola In theory, it would be hard to detect unless you know about it, because you'd always presume it'd be the same....
Even detecting it would be hard, cause you'd have to simulate a bash shell, but not get hacked yourself. Some weird VM trickery would be needed....
@ebel so cool
$DEITY! You could use that to do some very evil shit.
@ebel minimally you should curl to file and verify checksums anyway
better yet, don't run random stuff people post on the Internet :)
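The "curl to file and verify checksums" advice above, sketched as an added example that is not part of the original thread. The function names, the placeholder URL and the expected hash are assumptions; the hash must come from a source other than the server that serves the script.

```shell
# Added example: run an installer only if the saved copy matches a pinned hash.
# sha256_of, verify_then_run and fetch_verify_run are hypothetical helper names.

sha256_of() {
    # Print the SHA-256 hex digest of file $1 using whichever tool exists.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

verify_then_run() {
    # $1 = path to the already-downloaded script
    # $2 = expected SHA-256, obtained out of band (release notes, signed tag)
    file=$1; expected=$2
    [ -r "$file" ] || return 2
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $file: got $actual" >&2
        return 1
    fi
    # Execute the exact bytes that were hashed; never re-fetch the URL,
    # because the server may answer a second request differently.
    bash "$file"
}

fetch_verify_run() {
    # $1 = URL, $2 = expected SHA-256
    tmp=$(mktemp) || return 2
    # --fail: an HTTP error must not leave an error page in the file.
    if curl --fail --silent --show-error --location -o "$tmp" "$1"; then
        verify_then_run "$tmp" "$2" && rc=0 || rc=$?
    else
        rc=2
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage (constructed placeholder values):
# fetch_verify_run "https://example.invalid/install.sh" "<expected-sha256>"
```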