If you're a Linux user, you've likely encountered the `cat` command countless times. It's a handy little tool that allows you to display the contents of a file on your terminal. However, using `cat` to review scripts can pose a potential security risk that you may not be aware of. By default, the `cat` command doesn't display escaped characters, hidden characters, and other non-printable characters that could be present in a script. These characters can include things like newlines, tabs, and even malicious code injections. This means that when you use `cat` to review a script, you might not be seeing the full picture, leaving your system vulnerable to potential threats. To illustrate the gravity of this issue, let's consider a scenario where you're reviewing a script from an untrusted source. The script may appear harmless at first glance when viewed with the standard `cat` command. However, hidden within its depths could be malicious code or instructions that could compromise your system's security. Without the ability to see these non-printable characters, you might inadvertently execute the script, unknowingly exposing your system to potential attacks or unintended consequences. Fortunately, there's a simple solution to this problem: the options ( , , and ) when used with the command. These options unveil the true nature of the script or text file, revealing any hidden characters, escape sequences, or non-printable characters that might have been obscured. -vet -v -e -t cat The or option displays all non-printable characters, including escape sequences and hidden characters. This option is particularly useful when reviewing scripts or text files that may contain malicious code or instructions disguised as non-printable characters. -v --show-nonprinting Here's an example of what I mean: $ cat script.sh
#!/bin/bash
echo "Hello, World!" This script appears harmless, but what if it contains hidden characters or code that could be malicious? With the default cat command, you wouldn't be able to see them. To illustrate this, let's create a script with some hidden characters: $ echo -e '#!/bin/bash\necho "Hello, World!"\n\033[8m # This line is hidden' > script.sh
$ cat script.sh
#!/bin/bash
echo "Hello, World!" As you can see, the hidden line “# This line is hidden” doesn't show up when we use cat to display the script's contents. However, when we use the -v option, the hidden line becomes visible: $ cat -v script.sh
#!/bin/bash
echo "Hello, World!"
^[[8m # This line is hidden Now, the hidden line is visible, and we can see the full contents of the script. The or option displays a character at the end of each line, making it easier to identify trailing spaces or non-printable characters that might be present. -e --show-ends $ $ cat -e script.sh
#!/bin/bash$
echo "Hello, World!"$
^[[8m # This line is hidden$ The or option displays tab characters as , making it easier to identify and distinguish tabs from spaces. -t --show-tabs ^I $ echo -e '#!/bin/bash\techo "Hello,\tWorld!"' > script.sh
$ cat -t script.sh
#!/bin/bash^Iecho "Hello,^IWorld!" By combining these options into the shorthand, you can unveil the true nature of any script or text file, ensuring that you're seeing the full picture and not inadvertently executing any potentially harmful code. The options should be incorporated into your routine, especially when dealing with files from untrusted sources or those you didn't create yourself. -vet -vet $ cat -vet script.sh
#!/bin/bash^Iecho "Hello,^IWorld!"$
^[[8m # This line is hidden$ With this added layer of visibility, you can scrutinize the script's or text file's contents thoroughly, ensuring that you're not inadvertently executing any potentially harmful code or overlooking hidden characters that could compromise your system's security. It's important to note that this issue isn't limited to just scripts; it can affect any text file that contains non-printable characters. Imagine you're reviewing a configuration file or a log file, and there are hidden characters or escape sequences that could potentially cause issues with your system's functionality or provide an attack vector for malicious actors. By using the option, you can ensure that you're seeing the complete picture, enabling you to make informed decisions and take appropriate actions. -v The practice of using the options should be incorporated into your routine, especially when dealing with files from untrusted sources or those you didn't create yourself. In the ever-evolving landscape of cybersecurity, it's crucial to remain vigilant and take proactive measures to safeguard your systems. Failing to review files thoroughly could leave you susceptible to potential security breaches, data loss, or system compromise. -vet While the command is a valuable tool, relying on it without the options to review scripts or other text files can leave you vulnerable to hidden characters or malicious code injections. Always use or to ensure you're seeing the full contents of the file you're reviewing. By adopting this simple practice, you can significantly enhance your system's security and protect yourself from potential threats lurking in the shadows of non-printable characters. cat -vet cat -v cat --show-nonprinting

Walkthroughs, tutorials, guides, and tips. This story will teach you how to do something new or how to do something better.

Bootcamp to Code: US Marine Corps Wisdom for the Tech World

The Dark Side of Open Source: Securing the Software Supply Chain

See what I am up to on YouTube

Nominated for 2022 - HackerNoon Contributor of the Year - Cybersecurity

Too Long; Didn't Read

Make resilience your competitive advantage

Exposing the Dangerous CAT Command's Limitations in Script Review

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Untitled Story

3 Outside-the-box Questions to Ask During a Cybersecurity Interview

Windows Sticky Keys Exploit: The War Veteran That Never Dies

06/02/2018: Biggest Stories in the Cryptosphere

0-Days are on the Rise and that Means a Lot More Work for SOC Teams

Time Bombs Inside Software: 0-Day Log4Shell is Just the Tip of The Iceberg

3 Outside-the-box Questions to Ask During a Cybersecurity Interview

Windows Sticky Keys Exploit: The War Veteran That Never Dies

06/02/2018: Biggest Stories in the Cryptosphere

0-Days are on the Rise and that Means a Lot More Work for SOC Teams

Time Bombs Inside Software: 0-Day Log4Shell is Just the Tip of The Iceberg

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps