The Unsecured Nerd

BASH. seq.

Last night, I was working my way through a module in a computer insecurity course and the instructor needed a short list of sequential numbers to test for Insecure Direct Object Reference (IDOR). The instructor proceeds to open VIM. Please, cue the needle being dragged across a record sound effect. I clutched my pearls and tried to close my eyes. I didn’t want to bear witness to the offending activity but I just had to watch. I had to see for myself. The instructor typed out a short Python script that used a for loop and range() to print numbers to the terminal. He ran the script and then copied and pasted the output into Burp Suite Intruder. The entire process took 2 minutes, maybe less. I don’t think he thought much about it. It’s possible that no one else who has seen it thinks much about it. He needed a list of sequential numbers real quick and that’s it, but I saw it. I’ll never be able to not see it.

I joke, I joke. I kid, I kid. I’m invoking judgmental neck beard behavior for comedic effect. In all honesty, it wasn’t bad. It wasn’t good. It wasn’t anything. Different folks, different strokes. This instructor is actually one of the few people that I admire for being so public about his stance on the importance of practitioners of computer insecurity learning to program.

seq

The seq command can be used to create lists of sequential numbers:

┌──(unsecurednerd㉿kali)-[~]
└─$ seq 10 
1
2
3
4
5
6
7
8
9
10

┌──(unsecurednerd㉿kali)-[~]
└─$ seq 5 10  
5
6
7
8
9
10

It can also be used to create lists of numbers that are counted in steps. A list of numbers that starts at 0 and ends at 10 that is counted in steps of two can be created like so:

┌──(unsecurednerd㉿kali)-[~]
└─$ seq 0 2 10
0
2
4
6
8
10

A list of numbers that starts at 9, ends at 22, and is counted in steps of 3 can be created like so:

┌──(unsecurednerd㉿kali)-[~]
└─$ seq 9 3 22
9
12
15
18
21

A list in descending order requires a start, a negative step, and an end, in that order:

┌──(unsecurednerd㉿kali)-[~]
└─$ seq 10 -1 1
10
9
8
7
6
5
4
3
2
1

┌──(unsecurednerd㉿kali)-[~]
└─$ seq 20 -2 14
20
18
16
14

The sort command can also be used in conjunction with seq to create a list in descending order:

┌──(unsecurednerd㉿kali)-[~]
└─$ seq 10 | sort -nr  
10
9
8
7
6
5
4
3
2
1

The default separator between numbers is a newline character but a different separator can be specified by using the -s command line switch:

┌──(unsecurednerd㉿kali)-[~]
└─$ seq -s "," 10    
1,2,3,4,5,6,7,8,9,10

seq supports printf-style formatting through the -f command line switch:

┌──(unsecurednerd㉿kali)-[~]
└─$ seq -f "test_folder_%02g" 10
test_folder_01
test_folder_02
test_folder_03
test_folder_04
test_folder_05
test_folder_06
test_folder_07
test_folder_08
test_folder_09
test_folder_10
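
One caveat with the %g format used above, shown as an added example that is not part of the original post: %g keeps only 6 significant digits, so identifiers of a million or more collapse into exponent notation and the list ends up with duplicates. The function names below are hypothetical and GNU seq is assumed.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.
# Assumes GNU seq (coreutils).

# Same style as the post's "%02g": fine for small numbers, but %g rounds to
# 6 significant digits, so 1000000 and 1000001 both print as 1e+06.
ids_with_g() {    # usage: ids_with_g FIRST LAST
    seq -f "%g" "$1" "$2"
}

# %.0f always prints the full integer; WIDTH zero-pads (default: no padding).
ids_fixed() {     # usage: ids_fixed FIRST LAST [WIDTH]
    local first="$1" last="$2" width="${3:-1}" n
    # Accept only plain non-negative integers so that nothing unexpected
    # ends up inside the format string or the generated list.
    for n in "$first" "$last" "$width"; do
        case $n in
            ''|*[!0-9]*) echo "not an integer: $n" >&2; return 2 ;;
        esac
    done
    seq -f "%0${width}.0f" "$first" "$last"
}

# Count distinct lines on stdin; a quick sanity check before a list is used.
count_unique() {
    sort -u | wc -l | tr -d ' '
}

# Constructed sample range that crosses the 6-digit boundary.
printf '%%g   -> %s distinct values\n' "$(ids_with_g 999999 1000001 | count_unique)"
printf '%%.0f -> %s distinct values\n' "$(ids_fixed 999999 1000001 | count_unique)"
```

Plain seq without -f prints whole integers in full, so the problem only appears once a %g format is supplied.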

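Making lists of numbers is all well and good but there are plenty of use cases for seq. It can be used to do so much more when combined with other commands such as mkdir. The unquoted $(...) below works because the generated names contain no whitespace, so the shell splits the output into exactly one argument per name: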

┌──(unsecurednerd㉿kali)-[~]
└─$ mkdir -v $(seq -f "test_folder_%02g" 10)
mkdir: created directory 'test_folder_01'
mkdir: created directory 'test_folder_02'
mkdir: created directory 'test_folder_03'
mkdir: created directory 'test_folder_04'
mkdir: created directory 'test_folder_05'
mkdir: created directory 'test_folder_06'
mkdir: created directory 'test_folder_07'
mkdir: created directory 'test_folder_08'
mkdir: created directory 'test_folder_09'
mkdir: created directory 'test_folder_10'

For a listing of all the command line switches that can be used with seq please see:

https://linux.die.net/man/1/seq

https://www.gnu.org/software/coreutils/manual/html_node/seq-invocation.html

DISCLAIMER Everything discussed herein is done so within the context of Boot2Roots, Crackmes, CTFs, and various other types of Cyber Security/Information Security/Programming challenges and competitions, Cyber Security/Information Security/Programming education, the Cyber Security/Information Security/Programming industry, and the Cyber Security/Information Security/Programming education industry. DO NOT "ATTACK" ANY SYSTEM(S) WITHOUT FIRST OBTAINING PROPER AUTHORIZATION. The Unsecured Nerd cannot and, most importantly, is genuinely not interested in helping you hack your personal enemies, family, friends, significant other, your government, governments that oppose your government, random remote targets that you managed to locate on the internet, and/or really anything at all. If reading something on this site causes you to wonder how it can be applied to hack any of those aforementioned things it’s best that you keep wondering. Stay safe.
