SANS Penetration Testing

Pen Test Poster: "White Board" - Bash - Sudo... Make Me a Sandwich


By Matthew Toussain, Geoff Pamerleau



The other day, while working on setting up a new virtual machine for testing purposes, I ran the following command to get my networking configured:

ifconfig enp0s8 down

only to be greeted with the following:




GAH! Why do I need root privileges to bring up or down an interface? Why do I need to be root in order to use dhclient to get assigned an IP address via DHCP? Sigh. Well, it's no big issue, I just ran sudo !! to run the last command, but this time as root. OK, that was easy enough. To be honest, accidentally running a command without sudo happens more often than I'd like to admit. To make life easier, and to save a few keystrokes in the long run, it can pay dividends to make an alias that will do the equivalent of sudo !!


Command Breakdown

alias gah='sudo $(history -p \!\!)'

1. alias - Bash feature that allows us to map a string to a simple command
2. gah - The name of the alias that we are creating
3. ='COMMAND' - What to do when we run gah on the command line. The command is defined between single quotes
4. sudo - Command that allows us to execute the following command as a different user
5. $(history -p \!\!) - Command substitution that Bash evaluates to print out the last command that was run and all supplied arguments.


Now when I try to bring the interface back up and forget to use sudo I can just type gah in frustration:



To make this more permanent I added it to the .bashrc file in my home directory (~/.bashrc) so that it will be available whenever I pull up a terminal.
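
A guarded variant of the alias above, as an added example that is not part of the original post: it refuses to re-run an empty or already-sudo command, flags commands whose quotes, pipes or redirections the alias's unquoted $(...) would pass to sudo as literal arguments, and shows the command before running it as root. The name gah_check and the verdict strings are assumptions made for this example.

```bash
# Added example: a guarded replacement for the gah alias (for ~/.bashrc).
# gah_check and its verdict strings are hypothetical names, not from the post.

# Classify the command text the alias would hand to sudo.
# Prints a verdict and returns 0 only when a plain re-run is faithful.
gah_check() {
    case $1 in
        '')
            echo empty; return 1 ;;
        sudo|'sudo '*)
            echo already-sudo; return 1 ;;
        # Unquoted $(...) output is only word-split: quotes, operators,
        # variables and ~ reach sudo as literal arguments, not shell syntax.
        *'|'*|*'&'*|*';'*|*'<'*|*'>'*|*'$'*|*'`'*|*'"'*|*"'"*|*'\'*|*'~'*)
            echo needs-shell; return 1 ;;
    esac
    echo ok
}

# Interactive wrapper: show what would run as root and ask first.
gah() {
    local last verdict reply
    last=$(history -p '!!') || return 1
    if ! verdict=$(gah_check "$last"); then
        printf 'gah: not re-running (%s): %s\n' "$verdict" "$last" >&2
        return 1
    fi
    printf 'About to run: sudo %s\nContinue? [y/N] ' "$last"
    read -r reply
    case $reply in
        [yY]) sudo $last ;;  # unquoted on purpose: same splitting as the alias
        *)    return 1 ;;
    esac
}
```

Remove the gah alias (unalias gah) before defining the function, since bash would otherwise expand the alias inside the function definition.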



One useful alias down; maybe I should finally get around to adding one for gerp='grep'?


While we're talking productivity, along the same lines as the !! operator in bash (repeat the previous command) is bash_history.


The history command lists previously executed commands by number, and any of them can be rerun by running !# (with # replaced by the command's number in the history list). This can be extremely useful when scripting in shorthand. For instance, I recently put together an auto upload unpacker script for a webpack and nodejs website we were building. The resulting command was:

rm -rf site.bak/*;cp ndist.tar.gz dist.tar.gz; mv * site.bak/;mv site.bak/wordpress/ ./;cp site.bak/dist.tar.gz ./;tar -xvf dist.tar.gz ;mv dist/* ./;mv site.bak/ ./;chmod -R 555 /var/www/; chmod -R 700 /var/www/;chown -R www-data /var/www/;rm -rf dist/; rm -rf ndist.tar.gz

But I'd already run each of these commands individually and was looking to compile them into a single bash script. To accomplish that with history I ran this:

echo "rm -rf site.bak/*;!1804; !1805;!1806;!1807;!1756; !1757;!1808;!1809;!1810;!1811;!1812" > && chmod +x


Now all I have to do to unpack a new build of the site is run:



Another great feature of history is its text matching. For instance, I frequently log into my blog's VPS to tinker. Rather than type out the full ssh command I can execute !ssh. This will run the most recent command in my bash_history beginning with ssh.


In the above case this could be shortened further to !ss or even !s presuming that the most recent history entry starting with the letter s is the desired command. Endless productivity through bash!

Matthew Toussain

