Hackers bypass UTM user credentials with simple Shell Scripts
05 November 2019


Written by Priyesh Khairnar

Everyone loves shell scripts! No wonder, then, that most Linux-based security products use shell scripts heavily. They are usually easier to develop than C/C++ programs: there is no compilation step, and they are quick to prototype.

However, for all their uses, shell scripts carry hidden security dangers that are often overlooked when the scripts are written.

For example, consider a shell script that simply uses the ping command to check connectivity between two hosts.

#!/bin/bash

# $1 is the host to probe; it may come from a CGI form or another script.
ping -c1 "$1"

In this use case, $1 is an input that might be derived from a CGI handler or some other script. If that input is not properly validated before it reaches the shell, an attacker can exploit command substitution (command injection): shell metacharacters inside the value are interpreted as additional commands when the command line is built from it.

ping -c1 "8.8.8.8 && command"

In this example, the shell treats the text following the address as a separate command and executes it. There are several other ways to achieve the same command substitution:

ping -c1 "8.8.8.8`command`"

ping -c1 8.8.8.8|command

ping -c1 8.8.8.8; command

Most gateway-level security products, such as Unified Threat Management (UTM) appliances and firewalls, provide portals for end-users. These portals offer many services, including downloading the remote access tool, retrieving quarantined emails, changing user preferences, and so on.

These services accept some form of user input and may invoke a shell script in the backend of the product.

Through such a flaw, an attacker can gain root permission with remote command execution on a vulnerable device simply by sending malicious input. Once the device is compromised, the attacker can move from it into the organization's network.

Although user inputs are validated most of the time, there is always a possibility that some validation is missing.

This command substitution attack is also known as 'Pre-Authentication Remote Command Execution', because an attacker can run the exploit without any valid credentials.

Very recently this flaw was discovered in a firewall appliance of a reputed brand.

In Seqrite UTM, we explicitly focus on such areas during development so that devices are not vulnerable to such common exploits.

Following are some guidelines for writing secure shell scripts:

  • Use absolute or relative paths for the commands invoked in scripts, rather than relying on PATH lookup.
  • Set the PATH variable explicitly to a known value inside the script.
  • Quote every variable passed as an argument, and validate its contents before use.
