Found this in an obfuscated malicious shell script, beginning with:
${!#}${*^} <<<...
Could not find any reference to ${!#}, but when echo'd, it outputs -bash. Is this a secret referene to the running shell? Why there is an extra dash then?
Thanks!
This answer is bash-specific, because you tried the echo in bash. Not all shells behave the same.
In bash, if $var1 is foo, then ${!var1} is the same as $foo. The ! is indirect expansion: it causes bash to retrieve from the given variable a variable name (foo) instead of a value.
Now replace var1 with #.
$# is the number of arguments.
If $# is 0, ${!#} is $0.
If $# is 4, ${!#} is $4.
In other words, ${!#} is the last positional parameter, no matter how many there positional parameters there are.
If there are no positional parameters, $# is 0, so the result is $0, which is the name of the shell or script (reference). In your case, that was bash (plus a leading - meaning that it's a login shell).
Quick test:
$ echo ${!#}
-bash
$ set the quick brown fox
$ echo ${!#}
fox
bash, but you fail to mention that. In all the other shells, ${!#} will expand to the PID of the last background command ($!) with a empty string removed from the beginning (the ${var#pat} form of parameter expansions).
–
May 23 '19 at 13:55
bash(and only inbash),${!#}is the last positional parameter obtained via "Indirect Expansion" (the${!var}syntax) of the the$#variable. – May 23 '19 at 14:07