If you get pw3ned, might want to fix your shell
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.
README.md Fix link to patch Mar 18, 2017
pw3n Support linux et al. Mar 17, 2017



If you get pw3ned, might want to fix your shell

This is a rather silly POC of a vulnerability in custom shell prompt scripts that I suspect is rather widespread. I noticed when working on a branch that included (for the sake of cuteness) a $ that my prompt that usually includes the branch name had a bunch of gibberish. I suspected the zsh pluging I was using did not properly escape shell metacharacters, so I tried a few more things and landed on this.

How it works:

  1. This repo has an unusually-named default branch of $(./pw3n)
  2. The repo contains a script at the path referenced in the branch name
  3. When you cd to this repo, if your shell prompt tries to display your branch name and does't correctly escape $(..) expressions, it will execute ./pw3n


  • only show whitelisted characters branch=${BRANCH//[^a-z0-9\/]/-}
  • construct PS1 to reference a variable that holds the branch name official git prompt fix