Bash Interactive Shell
Detects execution of the bash shell with the interactive flag "-i".
Sigma rule
title: Bash Interactive Shell
id: 6104e693-a7d6-4891-86cb-49a258523559
status: test
description: Detects execution of the bash shell with the interactive flag "-i".
references:
    - https://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
    - https://www.revshells.com/
    - https://linux.die.net/man/1/bash
author: '@d4ns4n_'
date: 2023-04-07
tags:
    - attack.execution
logsource:
    category: process_creation
    product: linux
detection:
    selection:
        Image|endswith: '/bash'
        CommandLine|contains: ' -i '
    condition: selection
falsepositives:
    - Unknown
level: low
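A coverage check for the rule above, as an added example that is not part of the original page or the Sigma project: a minimal Python evaluator for the `endswith` and `contains` modifiers, run over constructed process_creation events. It assumes Sigma's default case-insensitive string matching and that the log backend populates the `Image` and `CommandLine` fields.

```python
# Added example: evaluates this rule's single selection against sample events.
# Fields inside one Sigma selection map are ANDed together.
SELECTION = {
    "Image|endswith": "/bash",
    "CommandLine|contains": " -i ",
}

MODIFIERS = {
    "endswith": lambda value, pattern: value.endswith(pattern),
    "contains": lambda value, pattern: pattern in value,
}


def matches(event, selection=SELECTION):
    """Return True when every field condition in the selection holds."""
    for key, pattern in selection.items():
        field, _, modifier = key.partition("|")
        value = event.get(field)
        if value is None:  # field absent from the event: condition cannot hold
            return False
        if not MODIFIERS[modifier](value.lower(), pattern.lower()):
            return False
    return True


# Constructed process_creation events (not real telemetry).
EVENTS = [
    # Flag followed by another token: both conditions hold.
    {"Image": "/usr/bin/bash", "CommandLine": "bash -i -c id"},
    # False positive: the " -i " belongs to ls, not to bash.
    {"Image": "/usr/bin/bash", "CommandLine": "bash -c 'ls -i /tmp'"},
    # Flag is the last token, so the trailing space the pattern needs is absent.
    {"Image": "/usr/bin/bash", "CommandLine": "bash -i"},
    # Different shell binary: Image does not end with "/bash".
    {"Image": "/usr/bin/dash", "CommandLine": "dash -i -c id"},
    # Backend did not record Image at all.
    {"CommandLine": "bash -i -c id"},
]


def evaluate(events=EVENTS):
    return [matches(e) for e in events]


if __name__ == "__main__":
    for event, hit in zip(EVENTS, evaluate()):
        print(f"{'ALERT' if hit else 'quiet':5}  {event.get('Image', '-'):15} {event['CommandLine']}")
```

The second event gives a concrete entry for the rule's `falsepositives` list, and the third shows why the rule should be validated against how the local log source records the command line.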