{"id":7199,"date":"2020-05-23T10:46:39","date_gmt":"2020-05-23T10:46:39","guid":{"rendered":"http:\/\/www.hexacorn.com\/blog\/?p=7199"},"modified":"2020-05-23T10:48:34","modified_gmt":"2020-05-23T10:48:34","slug":"command-line-do-nothingness","status":"publish","type":"post","link":"https:\/\/www.hexacorn.com\/blog\/2020\/05\/23\/command-line-do-nothingness\/","title":{"rendered":"Command line do-nothingness"},"content":{"rendered":"\n

Yesterday I came up<\/a> with a silly game – find commands that do nothing, when executed from command line. I didn’t specify rules very precisely, but the rough idea was that the commands shouldn’t modify the environment. Grzegorz<\/a> and a few other researchers joined me in this game and they added a lot of twisted and creative ideas (thx!).<\/p>\n\n\n\n

One may ask: why doing it at all? <\/p>\n\n\n\n

First of all it is fun. Secondly, it is a good research exercise as it brings ideas that may expose imperfections of a command line interpreter and tools. These in turn may lead to some new research avenues. In fact, many lolbin and persistence discoveries started with observing what commands and programs do, when executed (including checking the command line arguments they expect).<\/p>\n\n\n\n

This is a list of all commands we came up with:<\/p>\n\n\n\n

rem foo\n:foo goto foo\nfor %k in () do echo\nshift\nbreak\ngoto :eof\nif foo==foo goto :eof\nsetlocal\npushd . & popd\ntype nul\n:: foo\necho > nul\ncopy nul nul\ncopy nul .\ncopy nul con\ncall\ncall call\nendlocal\ncolor\ncmd \/c exit\ncmd \/r exit\ncd .\ncd .\\.\\.\\.\\.\\.\ncd .\/.\/.\/.\/.\/.\ntitle\nnul\ncmd \/c exit\ncmd \/r exit\ntitle<\/pre>\n\n\n\n
We also had a few cheats (stream redirection\/piping):<\/p>\n\n\n\n
ver > nul\nvol > nul\ntime \/t >nul\nset foooooo=\ncopy nul nul > nul\necho > NUL\ncopy nul > nul<\/pre>\n\n\n\n
And the funny bits discovered? Let’s have a look.<\/p>\n\n\n\n