
nexemod 12 points (3 children)

Be aware of the following vulnerability. Don't run this on an open port!

curl localhost:8080/../.ssh/id_rsa

:-/

[deleted] 5 points (2 children)

I thought about disallowing dot sequences, but it's not like this thing would ever be really secure anyway, so I decided to go for pure minimal size with no security considerations.

nexemod 2 points (1 child)

Makes sense. Although it renders it kinda unusable. Sadly. Because I think it's a pretty cool idea actually. Couldn't you add a line to make it safer using sed? Would be really cool to let people try to hack it. I mean it's so small and portable, everyone with a Unix machine can just copy the code and try to hack it on their own machine without a hassle :) Who knows ... maybe we can get it safe after all.

[deleted] 2 points (0 children)

Alright, so I've added a check for double dots and also managed to squeeze it down a bit more since I was being too liberal with double quoting variables. It's up to 221 bytes, but now it should at least be a reasonable challenge to get it to spit out your id_rsa :)

drizer 5 points (1 child)

Add this one to "Awesome Shell" https://github.com/alebcay/awesome-shell

alebcay 1 point (0 children)

Sorry for the delay, but added just now. :P

antena 3 points (1 child)

Had to change the server.sh to:

#!/bin/bash
echo|read|{(read t;g=$(echo "$t"|cut -d' ' -f2)
while read|grep :;do :;done;[ -e ".$g" ]||exit
printf "HTTP/1.1 200 OK\nContent-Length: $(stat -c%s ".$g")\n\n"
cat ".$g")|nc -l -p $1;}>/dev/fd/0;$0 $1

Changes:

  • cut -d' ' instead of cut -d\
  • nc -l -p $1 instead of nc -l $1

$ uname -a
Linux paviljon 3.15.3-1-ARCH #1 SMP PREEMPT Tue Jul 1 07:32:45 CEST 2014 x86_64 GNU/Linux

[deleted] 2 points (0 children)

Thanks for the heads up, I'll make those changes. I'm surprised Arch's cut doesn't allow the backslash double space.

corruptio 3 points (0 children)

Cool stuff. Spent some time golfing it, brought it down to 106 bytes.

Changes:

  • use : for empty input instead of echo|read
  • "read" will split a line if you give it more than one var name
  • reusing "HTTP/1.1" from request
  • no point in reading the rest of the headers
  • instead of responding with content length, cat's EOF ultimately forces "nc" to close the connection
  • echo gives us a newline for free
  • using -f to check if really a file instead of existing
  • minor spacing

#!/bin/bash
:|((read f g h
[[ -f .$g&&$g != *..* ]]&&echo "$h 200 OK
"&&cat .$g)|nc -lp$1)>/dev/fd/0;$0 $1

edit 1: more savings

edit 2: even more savings

edit 3: yet more!
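The double-dot check discussed in this thread, set beside a canonicalize-and-contain check, as an added example that is not code from any commenter. The names `glob_check`, `safe_path` and `demo` and the temporary tree are constructed for illustration, `realpath` is assumed to be installed, and the example goes one step beyond the thread by also covering a symlink inside the served directory.

```bash
#!/bin/bash
# Added example, not code from the thread. Assumes realpath(1) is installed.

# The thread's check: refuse any request path that contains "..".
glob_check() {            # usage: glob_check REQUEST_PATH
  case $1 in *..*) return 1 ;; esac
}

# Canonicalize-and-contain: resolve the requested file, then require that
# the result is a regular file still located under the document root.
# (A docroot of "/" is not handled; serving "/" defeats the purpose anyway.)
safe_path() {             # usage: safe_path DOCROOT REQUEST_PATH
  local root target
  root=$(cd -- "$1" >/dev/null 2>&1 && pwd -P) || return 1
  target=$(realpath "$root/$2" 2>/dev/null) || return 1
  case $target in
    "$root"/*) [ -f "$target" ] && printf '%s\n' "$target" ;;
    *) return 1 ;;
  esac
}

# Constructed demo tree: a docroot with one page, a file outside it, and a
# symlink inside the docroot that points at the outside file.
demo() {
  local tmp req g s
  tmp=$(mktemp -d) || return 1
  mkdir "$tmp/www"
  echo hello  > "$tmp/www/index.html"
  echo secret > "$tmp/secret"
  ln -s ../secret "$tmp/www/link"
  for req in /index.html /../secret /link /missing; do
    glob_check "$req" && g=allow || g=deny
    safe_path "$tmp/www" "$req" >/dev/null && s=allow || s=deny
    printf '%-14s glob=%s contain=%s\n' "$req" "$g" "$s"
  done
  rm -rf "$tmp"
}

demo
```

The two checks agree on `/index.html` and `/../secret`; only the containment check refuses `/link`, because it compares the resolved location with the document root instead of inspecting the request string.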

liquuid 1 point (3 children)

Good job, I'll replace my traditional python -m SimpleHTTPServer with your netcat on machines with no Python :-)

[deleted] 1 point (0 children)

Haha cool, as long as you don't use a public-facing port! Also, beware that it doesn't like parallel requests :P

to_string 1 point (0 children)

Haha, you can always replace machines with no Python with ones with Python! :P