• Email info@cyberry.co.uk
  • WTF is EOF?

  • Ever come across << EOF in a script and wondered what it was?

    Here’s a good example taken from Exploit DB, on creating a Perl Module file which will be used to escalate privileges based upon an “exim” vulnerability. (Exploit 39535)

    The code reads as follows:

    The first line is often the one that throws people. OK so we are going to cat something into /tmp/root.pm (a .pm file is a Perl Module file) but then this strange << EOF is at the end of the line?

    Well the << EOF acts as a “marker” to state that you are about to begin a multi-line cat to the root.pm file. As soon as you hit return on the keyboard after than first line, you’ll be presented with a > which effectively says, “OK I’m ready for you to give me the stuff you want me to add to this file, line-by line”

    So we add the first line, which in this example is: package root;

    We hit return and we move to the next line, which in this case is: use strict;

    hit return again….this time we want to have a space in the file, so hit return again and move down an extra line.

    Finally type in the final line which is: system(“/bin/sh”); and hit return

    Our file is complete, so we finish off by typing EOF, which tells linux to cease the cat command and the file is done. That’s all there is to it 🙂

     

    quick note regarding this particular example: you might need to create the file first of all, using:

    you might also need to give it write and execute privileges using chmod.