SANS Penetration Testing

A Spot of Tee

The Restricted Bash Shell

By Daniel Pendolino
Counter Hack

The Bash shell is a nearly ubiquitous way to interact with a Linux console. A little know feature is the restricted Bash shell, which you can invoke by calling rbash or bash --restricted. While it isn't something you would normally opt into, it certainly a situation I've been placed in due to strict polices or limited device resources. Here are some of the limitations imposed:

  • Setting or unsetting the values of the SHELL, PATH, ENV, or BASH_ENV variables.
  • Specifying command names containing slashes.
  • Specifying a filename containing a slash as an argument to the . builtin command.
  • Specifying a filename containing a slash as an argument to the -p option to the hash builtin command.
  • Importing function definitions from the shell environment at startup.
  • Parsing the value of SHELLOPTS from the shell environment at startup.
  • Redirecting output using the '>', '>|', '<>', '>&', '&>', and '>>' redirection operators.
  • Using the exec builtin to replace the shell with another command.
  • Adding or deleting builtin commands with the -f and -d options to the enable builtin.
  • Using the enable builtin command to enable disabled shell builtins.
  • Specifying the -p option to the command builtin.
  • Turning off restricted mode with 'set +r' or 'set +o restricted'.

Selection_031

Dotting I's and Crossing Tees

Tee is a wonderful utility that soaks up stdin and sends it all to a file along with stdout. It's just the trick to get around a restricted shell where I/O redirection is being blocked. With tee it's possible to bypass rbash's I/O restrictions and send arbitrary data to a file.

Selection_032

Tee can even be used to append data to a file with the -a flag.

-Daniel Pendolino
Counter Hack

Bash restrictions sourced from gnu.org

Upcoming SANS Special Event - 2018 Holiday Hack Challenge

KringleCon

SANS Holiday Hack Challenge - KringleCon 2018

  • Free SANS Online Capture-the-Flag Challenge
  • Our annual gift to the entire Information Security Industry
  • Designed for novice to advanced InfoSec professionals
  • Fun for the whole family!!
  • Build and hone your skills in a fun and festive roleplaying like video game, by the makers of SANS NetWars
  • Learn more: www.kringlecon.com
  • Play previous versions from free 24/7/365: www.holidayhackchallenge.com

Player Feedback!

  • "On to level 4 of the #holidayhackchallenge. Thanks again @edskoudis / @SANSPenTest team." - @mikehodges
  • "#SANSHolidayHack Confession — I have never used python or scapy before. I got started with both today because of this game! Yay!" - @tww2b
  • "Happiness is watching my 12 yo meet @edskoudis at the end of #SANSHolidayHack quest. Now the gnomes #ProudHackerPapa" - @dnlongen
kringle_02

2 Comments

Posted December 30, 2017 at 7:24 PM | Permalink | Reply

Clare Johnson

Looking forward to the webcast

Posted March 10, 2018 at 11:55 AM | Permalink | Reply

MS One Note Support

First, thank you for the well-written Article. Second, you can share shell information ant its features or usage and its method. But the handling of shell it's not an easy thing you must have to know everything. again am saying happy to read this.

Post a Comment






Captcha


* Indicates a required field.