1

When I run "cat /bin/bash", the final interactive prompt becomes

sh-5.0$ 1;2c1;2c
sh: 1: command not found
sh: 2c1: command not found
sh: 2c: command not found
sh-5.0$

And when I press "Enter", it runs something! The cat command only writes to stdout, why are there some bytes being put into stdin? Is this a vulnerability?

2 Answers

2

Some terminals and emulators have various "answerback" facilities where they send some text back to the computer upon reception of certain control codes. It seems likely that your bash binary contained some such control code.

And yes, this can be a vulnerability, especially if the response text can also be controlled by control codes (which one hopes it can't, nowadays, but one never knows...)

More here: https://unix.stackexchange.com/questions/15101/how-to-avoid-escape-sequence-attacks-in-terminals
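
An added example (not part of the original answer) of the defensive side of this: it scans a byte stream for the standard VT100/xterm sequences that make a terminal send a reply, and renders the data in `cat -v` style caret notation so that nothing reaches the terminal as a control code. The sample bytes are constructed, and `find_queries` and `neutralize` are hypothetical helper names.

```python
import re

# Sequences that ask a VT100/xterm-style terminal to send a reply. The reply
# arrives on the terminal's input side, so the shell reads it as typed text.
# A VT100-style reply to DA is ESC [ ? 1 ; 2 c, the shape of the "1;2c" above.
QUERIES = [
    (re.compile(rb"\x05"), "ENQ (answerback string)"),
    (re.compile(rb"\x1bZ"), "DECID (identify terminal)"),
    (re.compile(rb"\x1b\[[>=]?0?c"), "DA (device attributes)"),
    (re.compile(rb"\x1b\[\??[56]n"), "DSR (status / cursor position)"),
]

def find_queries(data: bytes):
    """Return sorted (offset, name) pairs for every query sequence in data."""
    hits = []
    for pattern, name in QUERIES:
        hits.extend((m.start(), name) for m in pattern.finditer(data))
    return sorted(hits)

def neutralize(data: bytes) -> bytes:
    """Caret notation as in `cat -v`: TAB and LF pass, other controls become ^X."""
    out = bytearray()
    for b in data:
        high = b >= 0x80
        if high:                      # high bytes are shown as M- plus the low 7 bits
            out += b"M-"
            b -= 0x80
        if b == 0x7F:
            out += b"^?"
        elif b < 0x20 and (high or b not in (0x09, 0x0A)):
            out += bytes([0x5E, b + 0x40])   # 0x1b -> "^["
        else:
            out.append(b)
    return bytes(out)

# Constructed sample: an ELF-like header with two query sequences embedded.
SAMPLE = b"\x7fELF\x02\x01\x01\x00" + b"\x1b[c" + b"AB" + b"\x1bZ" + b"\n"

if __name__ == "__main__":
    for offset, name in find_queries(SAMPLE):
        print(f"offset {offset}: {name}")
    print(neutralize(SAMPLE).decode("ascii"), end="")
```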

0
# cat > file

Awaits input from the user; type the desired text and press CTRL+D (hold down the Ctrl key and type 'd') to exit. The text will be written in the test2 file. You can see the content of the file with the following cat command.

In your case

# cat /bin/bash > fileoutput
