1. 13
    bash.rocks: run and share your favorite shell in browser show programming bash.rocks
    mzh avatar authored by mzh 6 years ago |
    Archive.org Archive.today Ghostarchive
    | 6 comments

Hey Lobsters :)

bash.rock is my latest side project, a bash interpreter in cloud, it comes with many utilities like curl, Python, ImageMagick, jq, etc. Below are some snippet I created:

Generate random corporate bullshit: https://bash.rocks/w3nEB9

Compress png to webp: https://bash.rocks/YBbaJG

Generate gif with curl, jq and ImageMagick: https://bash.rocks/NBXQ3w

Any suggestions / feedback welcome! :)

A more interesting feature I haven’t fully finished is to turn your random bash snippet into an HTTP web service, like https://bash.rocks/Gxlg31/3/api?url=i.imgur.com/1uYroRF.gif which makes an obvious premium feature in future :p

    1. 9
      duck_of_death avatar duck_of_death edited 6 years ago | link

      nice dmesg :)

      [ 0.398587] Digging up root… [ 0.567890] Checking naughty and nice process list… [ 0.863641] Creating process schedule… [ 1.068086] Constructing home… [ 1.370319] Granting licence to kill(2)… [ 1.672790] Creating bureaucratic processes… [ 2.113170] Searching for needles in stacks… [ 2.528220] Segmenting fault lines… [ 2.592999] Waiting for children… [ 2.893594] Committing treasure map to memory… [ 2.952801] Ready!

      1. duraki avatar duraki 6 years ago | link

        [Comment removed by author]

        1. 1
          grahamc avatar grahamc 6 years ago | link

          execing curl with –output flag to /tmp makes exploit download and later on compile successfully

          Sure, but you could just do that in your regular code, no?

          Sometimes, setting a wildcard/match on specific lines should also be a good thing to do (ala cat /etc/passwd etc.).

          1. /etc/passwd isn’t very meaningful

          2. that sort of protection doesn’t fix

            A=“wd” B=“pass” C=”/etc/” cat “$C$B$A

          but also 3. you’re running as root already, and can cat shadow: https://bash.rocks/OJ5oO3

          however note that lastlog has nobody ever having logged in before.

          Finally note that jpm1’s dmesg output is obviously a joke output :)

        2. 1
          jimdigriz avatar jimdigriz 6 years ago | link

          but writing to /tmp is not, therefore execing curl with –output flag to /tmp makes exploit download and later on compile successfully.

          ‘noexec’ mountpoints mostly fix this.

        3. 1
          mzh avatar mzh 6 years ago | link

          it’s running in a cloud container and tmpfs only lives in memory.

          so far all requestors of ‘rm -rf /’ are stuck :p

          1. duraki avatar duraki 6 years ago | link

            [Comment removed by author]

    2. 1
      grahamc avatar grahamc 6 years ago | link

      I love it!

      Some feedback:

      I put in a 160 line script and it doesn’t scroll on the code editor? only if I use arrow keys.

      It’d be really neat if I could create some context, like a few files on the filesystem to work with. Similar to how the html/css/js blocks of codepad work.

      Nice project!

      1. 1
        mzh avatar mzh 6 years ago | link

        I put in a 160 line script and it doesn’t scroll on the code editor? only if I use arrow keys.

        Could you provide browser / version? Just played with chrome and it doesn’t show the problem.

        It’d be really neat if I could create some context, like a few files on the filesystem to work with. Similar to how the html/css/js blocks of codepad work.

        That’s a great idea! Would tried to make it in next or future iterations!