About  Project Blog Resources

Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Terminal escape injection in AWS CloudShell- 507

Felix WilhelmPosted 4 Years Ago
  • AWS Cloudshell is a way to interact with the terminal on an EC2 instance from the comfort of the browser. The library used for simulating the terminal is aceterm, which is meant to simulate the xterm shell.
  • The specific DCS escape code ("\eP+q") has a path that leads to the output from the terminal being added to the input terminal handler. By putting a newline in this string, it is possible to escape the current line and execute additional commands on the system. Damn, command injection from the Cloudshell!?
  • In order to trigger this bug, an attacker needs to get the victim to view something malicious in the terminal. This could be a malicious file on the system or simply curling a specific endpoint.

Maxwell DulinEmail me!TwitterGithubAdminBlog RSS FeedResources RSS Feed