Detecting the use of “curl | bash” server side and exploiting this.

cat << EOF | curl -X PUT -d @-


I’m sure you’ve seen and the bag of other sites that advocate things¬†like

\curl -sSL | bash -s stable

Now the issue has gotten much worse, as it’s possible to detect use of curl/wget and send a different payload to the executing command.


This is done by the way network buffers are handled with sleeping code, and allows the server to send an alternate response when detecting the sleep in the client. Here is a working proof of concept and  discussion.


Leave a Reply

Your email address will not be published. Required fields are marked *