Modern web users fear XSS in browsers, but did you know terminals can be vulnerable too? If you cat a log file with malicious escape sequences, your terminal might execute them. Clever attackers have used this trick to inject commands, log keystrokes, or alter display output without you typing a thing. It is a form of terminal injection that relies on how terminals interpret ANSI codes. Some older terminal emulators were especially susceptible, and even today, careless logging can open the door to unexpected command execution.

#TerminalHacks #XSS #EscapeSequences #LinuxSecurity #OldSchoolExploits

Here's a #text #formatting #tip for you, especially if your text has #escapesequences in it:

col -bx < ./file.txt > ./file.txt.filtered

Note the use of '<' and '>' due to the redirect of col using ioctl().

I'm sure I've read somewhere that col(1) is deprecated. I'm sure this is utter nonsense though as it's still very prevalent on the *BSDs, so this can only be some crap to do with Linux.

Terminal colours are tricky

Julia Evans

An interesting RCE attack in the iTerm2 terminal emulator

Modern terminal emulators offer extensive features that go well beyond their original role of handling text interfaces. Users expect colouring of the returned information, style changes, and audible notifications (okay, most people probably have the terminal bell turned off). These features are handled by means of so-called escape sequences. It may be surprising...

#WBiegu #Escapesequences #Iterm #Macos #Rce

https://sekurak.pl/ciekawy-atak-rce-w-emulatorze-terminala-iterm2/

Sekurak

A long time ago in an IT far away, ANSI control (escape) sequences and control characters were commonplace.

These were (and still are) character sequences that cause terminals and terminal emulators to change the display settings or text display size or colors, or cursor position, or to report all sorts of info, or ring the terminal bell (beep), or to perform myriad other operations.

Two examples from the OpenVMS FAQ:
«
DCL12. How to use escape and control characters in DCL?

To write a message and then the bell character, use:

$ bell[0,7] = 7
$ write sys$output "Hello''bell'"

To write blinking text, use:

$ esc[0,7] = 27
$ text = "Blinking Text"
$ write sys$output "''esc'[5m''text'''esc'[m"
»

Nowadays, these control sequences are usually only visible to developers and those others using command-line tools.

In the era before HTML and MIME, some of the common apps could render escape and control sequences too, including the OpenVMS MAIL utility.

This rendering was unfortunate, as it was possible to send DECTST, a self-test request for the terminal or terminal emulator. DECTST could be set to loop until the terminal was power-cycled, or the terminal emulator was reset, too.

ESC [ 2 ; Ps y

In some ways, these shenanigans are an older analog to injecting JavaScript alerts in websites.

Or worse, to injecting into poorly-written security-relevant code:

https://github.com/taviso/avscript

Obligatory:

https://xkcd.com/327/

For further info on ANSI and vendor-specific control sequences, see https://vt100.net and the DEC VT Terminal documentation archives there, as well as the vttest terminal emulation testing tool.

Errata / arcana: ANSI control sequences have a documented character format, which means that a terminal or terminal emulator can ignore any unknown or unwanted or undesirable sequences, without having to be coded to specifically recognize the sequences.

Above OpenVMS FAQ text from:
https://www.hoffmanlabs.com/vmsfaq/

#infosec #InfoSec #History #history #security #Security #retrocomputers #Retrocomputers #retrocomputing #ANSI #EscapeSequences #ControlSequences #digitalequipmentcorporation #DigitalEquipmentCorporation #VT100 #VMSFAQ

GitHub - taviso/avscript: Avast JavaScript Interactive Shell

GitHub
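
The errata note above says control sequences have a documented character format, so unknown ones can be dropped without recognizing them individually. The following is an added example, not code from any of the posts, that uses that format to strip and report sequences in log text before it is displayed. The function name `sanitize`, the sample log, and accepting BEL as a control-string terminator are assumptions of this example.

```python
import re

# ECMA-48 sequence shapes (7-bit forms). No individual sequence is named here.
SEQ = re.compile(
    # CSI: ESC [ , parameter bytes 0x30-0x3F, intermediates 0x20-0x2F, final 0x40-0x7E
    r"(?P<csi>\x1b\[[\x30-\x3f]*[\x20-\x2f]*[\x40-\x7e])"
    # OSC/DCS/SOS/PM/APC control strings, up to ST (ESC \) or BEL on the same line
    r"|(?P<string>\x1b[\]PX^_].*?(?:\x1b\\|\x07))"
    # Any other escape sequence: ESC, intermediates, one final byte 0x30-0x7E
    r"|(?P<esc>\x1b[\x20-\x2f]*[\x30-\x7e])"
    # Leftover C0, DEL and C1 controls (tab and newline are kept)
    r"|(?P<ctrl>[\x00-\x08\x0b-\x1f\x7f-\x9f])"
)


def sanitize(text):
    """Return (clean_text, findings); findings lists (kind, raw) per removed item."""
    findings = []

    def drop(match):
        findings.append((match.lastgroup, match.group(0)))
        return ""

    clean = SEQ.sub(drop, text)
    return clean, findings


ESC = "\x1b"
# Constructed sample log, built only for this example.
SAMPLE_LOG = (
    "GET /index.html 200\n"
    f"user-agent: {ESC}[5mBlinking Text{ESC}[m\n"   # the FAQ's blink on/off pair
    f"GET /a{ESC}]0;constructed title\x07 404\n"    # control string ended by BEL
    f"GET /b{ESC}[9;9;9z 404\n"                     # arbitrary CSI, matched by shape alone
    f"GET /c{ESC}[31\n"                             # truncated CSI with no final byte
    "bell\x07 and overwrite\rdone\n"                # bare BEL and carriage return
)

if __name__ == "__main__":
    clean, findings = sanitize(SAMPLE_LOG)
    print(clean, end="")
    for kind, raw in findings:
        print(f"removed {kind}: {raw!r}")
```

A truncated sequence loses its introducer and its leftover parameter bytes are shown as plain text, so nothing reaches the terminal as a control function.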