1. 13

Hey Lobsters :)

bash.rock is my latest side project, a bash interpreter in cloud, it comes with many utilities like curl, Python, ImageMagick, jq, etc. Below are some snippet I created:

Generate random corporate bullshit: https://bash.rocks/w3nEB9

Compress png to webp: https://bash.rocks/YBbaJG

Generate gif with curl, jq and ImageMagick: https://bash.rocks/NBXQ3w

Any suggestions / feedback welcome! :)


A more interesting feature I haven’t fully finished is to turn your random bash snippet into an HTTP web service, like https://bash.rocks/Gxlg31/3/api?url=i.imgur.com/1uYroRF.gif which makes an obvious premium feature in future :p

  1.  

  2. 9

    nice dmesg :)

    [ 0.398587] Digging up root… [ 0.567890] Checking naughty and nice process list… [ 0.863641] Creating process schedule… [ 1.068086] Constructing home… [ 1.370319] Granting licence to kill(2)… [ 1.672790] Creating bureaucratic processes… [ 2.113170] Searching for needles in stacks… [ 2.528220] Segmenting fault lines… [ 2.592999] Waiting for children… [ 2.893594] Committing treasure map to memory… [ 2.952801] Ready!

    1. [Comment removed by author]

      1. 1

        execing curl with –output flag to /tmp makes exploit download and later on compile successfully

        Sure, but you could just do that in your regular code, no?

        Sometimes, setting a wildcard/match on specific lines should also be a good thing to do (ala cat /etc/passwd etc.).

        1. /etc/passwd isn’t very meaningful

        2. that sort of protection doesn’t fix

          A=“wd” B=“pass” C=”/etc/” cat “$C$B$A

        but also 3. you’re running as root already, and can cat shadow: https://bash.rocks/OJ5oO3

        however note that lastlog has nobody ever having logged in before.

        Finally note that jpm1’s dmesg output is obviously a joke output :)

        1. 1

          but writing to /tmp is not, therefore execing curl with –output flag to /tmp makes exploit download and later on compile successfully.

          ‘noexec’ mountpoints mostly fix this.

          1. 1

            it’s running in a cloud container and tmpfs only lives in memory.

            so far all requestors of ‘rm -rf /’ are stuck :p

        2. 1

          I love it!

          Some feedback:

          I put in a 160 line script and it doesn’t scroll on the code editor? only if I use arrow keys.

          It’d be really neat if I could create some context, like a few files on the filesystem to work with. Similar to how the html/css/js blocks of codepad work.

          Nice project!

          1. 1

            I put in a 160 line script and it doesn’t scroll on the code editor? only if I use arrow keys.

            Could you provide browser / version? Just played with chrome and it doesn’t show the problem.

            It’d be really neat if I could create some context, like a few files on the filesystem to work with. Similar to how the html/css/js blocks of codepad work.

            That’s a great idea! Would tried to make it in next or future iterations!