Leeloo on Nostr: That's not quite safe. You should download it to a local file, then execute the file. ...
That's not quite safe. You should download it to a local file, then execute the file.
There was a proof of concept a few years ago that allowed the server to detect whether the output of curl was piped to bash or not and send a different script to bash than the one you just viewed.
I don't remember how they did it, my guess would be inserting a sleep in the script and checking whether the connection blocks (bash will sleep, less won't), but even sending your payload only to the second connection from the same ip will fool those who follow your instructions.
There was a proof of concept a few years ago that allowed the server to detect whether the output of curl was piped to bash or not and send a different script to bash than the one you just viewed.
I don't remember how they did it, my guess would be inserting a sleep in the script and checking whether the connection blocks (bash will sleep, less won't), but even sending your payload only to the second connection from the same ip will fool those who follow your instructions.