toyen
asked on
Help explain this unix command
Hello,
Can someone please explain the line below to me:
Wordpress DOS Proof-Of-Concept :
for random in `seq 1 $requests`; do
curl -A Firefox -o --url "http://localhost/s?=$random"> /dev/null 2>&1 &
Thank you
ASKER
Thanks for your response, woolmilkporc,
Can you let me know what line 4 should be?
Also, may I know if this is a command to find a vulnerability in WordPress? Is it possible? I understand WordPress has tough coding.
Thanks very much
Since it's running in the background, this MIGHT be an attempt to determine how many concurrent connections the app would support.
As far as vulnerabilities, DOS (Denial Of Service) would be about all it could prove.
This would explain the first line of the post.
"Wordpress DOS Proof-Of-Concept :" This should probably have a # in column 1 (comment).
So, if you implement woolmilkporc's recommendations above, and set $requests to a high enough number, you may find that the webserver / app is unusable.
A "for" loop uses these numbers one by one to store them in the variable "random" to then run a curl command using this variable, like
curl -A Firefox -o --url "http://localhost/s?=1"> /dev/null 2>&1 &
curl -A Firefox -o --url "http://localhost/s?=2"> /dev/null 2>&1 &
curl -A Firefox -o --url "http://localhost/s?=3"> /dev/null 2>&1 &
.
.
.
The outputs of these curl commands are discarded by redirecting standard output (stdout = "1") as well as standard error (stderr = "2") to the null device.
The "&" at the end is used to run the curl commands in background, so they will run in parallel.
The whole construct is missing the important "done" statement at the end (did you forget to post line 4?), and the first line starting with "Wordpress ..." will produce an error, because "Wordpress" is not a shell command, afaik.
wmp
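Seen from the server side, the loop discussed in this thread leaves a recognizable trace in the access log: many requests from one client within the same second, each carrying the bare user agent `Firefox` that `curl -A Firefox` sends. The following is an added example, not code from the thread; the log lines are constructed (combined log format), and the names `sample_log` and `detect_bursts` and the threshold of 5 are assumptions for illustration.

```shell
#!/bin/sh
# Added example: flag request bursts in a web server access log.
# All log lines below are constructed sample data (combined log format).

sample_log() {
cat <<'EOF'
192.0.2.10 - - [12/Mar/2024:10:15:01 +0000] "GET /s?=1 HTTP/1.1" 200 512 "-" "Firefox"
192.0.2.10 - - [12/Mar/2024:10:15:01 +0000] "GET /s?=2 HTTP/1.1" 200 512 "-" "Firefox"
192.0.2.10 - - [12/Mar/2024:10:15:01 +0000] "GET /s?=3 HTTP/1.1" 200 512 "-" "Firefox"
192.0.2.10 - - [12/Mar/2024:10:15:01 +0000] "GET /s?=4 HTTP/1.1" 200 512 "-" "Firefox"
192.0.2.10 - - [12/Mar/2024:10:15:01 +0000] "GET /s?=5 HTTP/1.1" 200 512 "-" "Firefox"
198.51.100.7 - - [12/Mar/2024:10:15:01 +0000] "GET /?s=shoes HTTP/1.1" 200 9034 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0"
198.51.100.7 - - [12/Mar/2024:10:15:04 +0000] "GET /about/ HTTP/1.1" 200 4410 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0"
EOF
}

# detect_bursts THRESHOLD
# Reads a combined-format log on stdin. For every (client IP, second) pair
# with at least THRESHOLD requests, prints:
#   <ip> <timestamp> hits=<n> bare_ua=<m>
# bare_ua counts requests whose User-Agent is exactly "Firefox"; a real
# Firefox browser sends a longer "Mozilla/5.0 ... Firefox/<version>" string.
detect_bursts() {
  awk -F'"' -v limit="$1" '
    {
      # Splitting on double quotes: $1 = ip/ident/user/time, $2 = request
      # line, $6 = User-Agent.
      split($1, head, " ")
      key = head[1] " " substr(head[4], 2)   # IP + timestamp without "["
      hits[key]++
      if ($6 == "Firefox") bare[key]++
    }
    END {
      for (k in hits)
        if (hits[k] >= limit)
          printf "%s hits=%d bare_ua=%d\n", k, hits[k], bare[k] + 0
    }' | sort
}

# Report every client that made 5 or more requests in a single second.
sample_log | detect_bursts 5
```

On a real server the threshold has to be tuned to normal traffic, since proxies and NAT gateways can legitimately put many users behind one address.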