Help explain this unix command

Posted on 2011-05-01
Last Modified: 2012-05-11

Can someone please explain the lines below to me:

Wordpress DOS Proof-Of-Concept :
for random in `seq 1 $requests`; do
curl -A Firefox -o --url "http://localhost/s?=$random">  /dev/null 2>&1 &

Thank you
Question by: toyen

Expert Comment

ID: 35500114
The statement creates an "array" of numbers starting at "1" up to the value stored in the variable "requests", using the "seq" utility.

A "for" loop uses these numbers one by one to store them in the variable "random" to then run a curl command using this variable, like

curl -A Firefox -o --url "http://localhost/s?=1">  /dev/null 2>&1 &
curl -A Firefox -o --url "http://localhost/s?=2">  /dev/null 2>&1 &
curl -A Firefox -o --url "http://localhost/s?=3">  /dev/null 2>&1 &

The outputs of these curl commands are discarded by redirecting standard output (stdout = "1") as well as standard error (stderr = "2") to the null device.

The "&" at the end is used to run the curl commands in background, so they will run in parallel.

The whole construct is missing the important "done" statement at the end (did you forget to post line 4?), and the first line starting with "Wordpress ..." will produce an error, because "Wordpress" is not a shell command, afaik.


Author Comment

ID: 35500212
Thanks for your response, woolmilkporc,

Can you let me know what line 4 should be?

Also, may I know if this is a command to find a vulnerability in WordPress? Is it possible? I understand WordPress has tough coding.
Thanks very much

Accepted Solution

woolmilkporc earned 2000 total points
ID: 35500258
for random in `seq 1 $requests`; do
curl -A Firefox -o --url "http://localhost/s?=$random">  /dev/null 2>&1 &
done

As for the curl command itself - the statement does nothing else than calling the URL http://localhost/ which is the default page of your local machine's webserver, passing it the parameter "s" set to 1,2,3,..., using Firefox as the user agent.

Do you run a local Wordpress server? Otherwise I could not see which way this curl should be usable to test Wordpress - and even if there were a local Wordpress server, you would only fetch what the server would give you when receiving s=1,2,3.... and I can't tell you whether this could be useful for finding vulnerabilities, sorry!

By the way, "-o" normally designates an output file whose name seems to be missing here by mistake - correct form should be "-o /path/to/outputfile".

Expert Comment

ID: 35504316
Since it's running in the background, this MIGHT be an attempt to determine how many concurrent connections the App would support.

As far as vulnerabilities, DOS (Denial Of Service) would be about all it could prove. This would explain the first line of the post.

"Wordpress DOS Proof-Of-Concept :"   This should probably have a # in column 1 (comment)

So, if you implement woolmilkporc's recommendations above, and set $requests to a high enough number, you may find that the webserver / app is unusable.
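
Seen from the server side, the loop discussed in this thread appears in the access log as many requests from one client within the same second, each with a different request target and the bare user agent "Firefox". The following is an added example, not code from the thread: it flags such bursts, and the log lines, the combined log format and the threshold of 10 requests per second are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example: constructed data, not taken from the original thread.

# Emit a constructed access log (combined format): one client sends 12
# requests in the same second with targets /s?=1 .. /s?=12, and a second
# client sends two ordinary requests.
sample_log() {
    for i in $(seq 1 12); do
        printf '%s - - [01/May/2011:10:00:00 +0000] "GET /s?=%s HTTP/1.1" 200 512 "-" "Firefox"\n' \
            192.0.2.10 "$i"
    done
    printf '%s\n' '198.51.100.7 - - [01/May/2011:10:00:00 +0000] "GET /s?=shell HTTP/1.1" 200 512 "-" "Mozilla/5.0"'
    printf '%s\n' '198.51.100.7 - - [01/May/2011:10:00:03 +0000] "GET /about HTTP/1.1" 200 901 "-" "Mozilla/5.0"'
}

# Read combined-format log lines on stdin and print
#   "<client ip> <second> <requests> <distinct targets>"
# for every client that reaches the threshold ($1, default 10) within a
# single second.
flag_bursts() {
    awk -v threshold="${1:-10}" '
    {
        ip  = $1
        ts  = substr($4, 2)     # drop the leading "[": 01/May/2011:10:00:00
        url = $7                # request target, e.g. /s?=3
        key = ip " " ts
        count[key]++
        # Count each distinct target once per client and second.
        if (!((key, url) in seen)) { seen[key, url] = 1; distinct[key]++ }
    }
    END {
        for (k in count)
            if (count[k] >= threshold)
                print k, count[k], distinct[k]
    }' | sort
}

# Prints: 192.0.2.10 01/May/2011:10:00:00 12 12
sample_log | flag_bursts 10
```

A distinct-target count close to the request count is what separates this pattern from a client reloading one page; the threshold needs tuning against normal traffic for the site.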
