H3-2022-0044¶

Shell History File Exposure

Description¶

A shell history file was found exposed on a web server. Most interactive commandline programs (i.e. bash, python, less, etc.) save their command history in a file. This is done to give the user the opportunity to navigate through previous commands even if the program terminated in between. For instance, bash is a shell and command language used in many Unix-like operating systems, and it records the commands run by users into a hidden file called .bash_history located in their home directory. An attacker who gains access to this file can search the command history for credentials and other sensitive information that users may have entered directly into the command line.

Impact¶

Exploiting this misconfiguration allows the attacker to potentially retrieve usernames, passwords, and other security-sensitive commands that were executed by the user, leading to further compromises within the network.

References¶

• How to Manage Your Linux Command History
• MITRE ATT&CK Technique: T1552.003: Unsecured Credentials: Bash History