0

I am currently taking the Google Cybersecurity Coursera cert course. I am now in the Linux section and learning a few Linux commands. I am totally new to it, but I was wondering about one thing. While I am learning, I always try to think of how a defender or an attacker might use said command, and recently I learnt about the `echo >` command and how it can overwrite everything. I did check that it can be used maliciously, but of course I did not understand it completely.

My question is, let's say an attacker gets access to someone's computer and wants to quickly do some damage to the user, knowing he has many .txt files. Would this command work?

```bash
find /home/ -name "*.txt*" | echo "gg" > "*.txt*"
```

Just wondering if I am understanding this correctly. Would this basically create a command that finds all .txt files under /home/ and then pipe echo to overwrite all .txt files with the word gg?

If not, why does it not work exactly? I would like to understand why it won't work to help me understand it better, and if the idea technically works but the command is written wrong, let me know which part is wrong about it.

Kamil Maciorowski
  • No, it will create a file named `.txt` with `gg` on it. – ThoriumBR Jul 14 '23 at 17:49
  • Sorry, I will close the thread and only create new posts if they are security related. Thank you –  Jul 14 '23 at 18:42
  • If an attacker has shell access, and really wants to do some damage, the attacker would simply do `rm -rf /` as opposed to using `echo` commands. – mti2935 Jul 14 '23 at 19:41

2 Answers

1

It won't work: `echo` does not receive parameters from a pipe. `find` will locate all .txt files and pipe them to `echo`. But `echo` will ignore that and just output `gg`.

The `>` redirect will just try to write it to a file named `*.txt*` if you have permission for that. It will be overwritten if it exists; it will be created if it doesn't exist.

ThoriumBR
  • Hi Thorium, thanks for replying so quickly. Could you explain what "does not receive parameters" means? So it would work if I put an exact file, but it won't work if I try to mass overwrite a certain type of file? –  Jul 14 '23 at 18:41
  • The name of the file will literally be `*.txt*` with verbatim asterisks. – Kamil Maciorowski Jul 15 '23 at 01:37
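
What the question's command actually does, shown as an added example that is not part of the original thread: the same pipeline is run inside a temporary directory holding two constructed files, and the result is reported. The function name `demo_pipe_into_echo` and the file names and contents are assumptions made for the demonstration.

```bash
#!/usr/bin/env bash
# Added example: reproduces the question's command inside a throwaway
# directory and reports what changed. All file names are constructed.

demo_pipe_into_echo() {
    local sandbox
    sandbox=$(mktemp -d) || return 1
    (
        cd "$sandbox" || exit 1
        printf 'notes\n'  > a.txt
        printf 'report\n' > b.txt

        # The question's command, with find pointed at the sandbox.
        # echo never reads stdin, so find's output is discarded.
        # The quoted "*.txt*" is not expanded: it is one literal file name.
        find . -name "*.txt*" | echo "gg" > "*.txt*"

        # Report the original files, the new literal file, and the file count.
        printf 'a.txt=%s\n' "$(cat a.txt)"
        printf 'b.txt=%s\n' "$(cat b.txt)"
        printf 'literal=%s\n' "$(cat -- '*.txt*')"
        printf 'count=%s\n' "$(find . -type f | wc -l | tr -d ' ')"
    )
    local status=$?
    rm -rf -- "$sandbox"
    return "$status"
}

demo_pipe_into_echo
```

Both original files keep their contents, and the only change is one new file whose name is the four-plus-two characters `*.txt*`, which is what the two comments on this answer describe.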
0

For the reasons ThoriumBR has already explained, that does not work.

You are looking for something like

```bash
# globstar makes ** match files in all subdirectories
shopt -s globstar
for file in **/*.txt
do
    echo "rr" > "$file"
done
```

or

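```bash
# NUL-delimited names; IFS= and -r keep whitespace and backslashes in each name intact
find . -name "*.txt" -print0 | while IFS= read -r -d '' file
do
    echo "rr" > "$file"
done
```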
Esa Jokinen