HACKER Q&A
📣 ofalkaed

Share your favorite examples of shell script abuse


I have a real soft spot for shell scripts with no sense of reality, exercises in a beginners enthusiasm. Like many, shell scripting was my introduction into programming and after learning bash and making those few simple scripts I learned it for I wanted to use it for everything to exploit my new knowledge. All these years later seeing the overly ambitious shell script never fails to bring back the excitement of those early successes and return a sense of scope to my own projects when bogged down in the details with nothing yet to show for it all. So share your favorite abuses or just any that come to mind.

I just came across bed, the bash editor [0], I was really expecting a complete nightmare and a massive script that barely functioned but was pleasantly surprised by how short and clean it is. Despite being essentially useless (beyond as an exercise) you could use it as an editor, I even learned/relearned a few things from it and used it for awhile on my own project.

0: https://github.com/comfies/bed/blob/master/bed

  👤 cookiengineer Accepted Answer ✓
Shellshock comes to mind as a vulnerability class. It was so popular, it made it even into the Mr.Robot TV series.

If I would describe the vulnerability series, it is something like SQL injection but for services that run shell commands in the background.

The parsers of both CGI and shells were/are so broken that I would just never run any shell command on a web server in a non-manual manner.

[1] https://en.m.wikipedia.org/wiki/Shellshock_(software_bug)

👤 quickthrower2 

    :(){ :|:& };:
The fork bomb
👤 kleer001
It's silly, but I like it:

> man man

But maybe you're not thinking of something that simple.

👤 sargstuff
Using logical and, logical or, (), shell sourcing, and command line tools to implement lisp to demo why language features/abstractions are useful.

BNF / 2nd order logic combinator style programming via data files & shell sourcing as a lead in to why learn awk.