Shellshocked

Standard

Shellshock, is also know as Bashdoor, this bug was first disclosed on 24th September 2014. This bug let malicious hackers craft certain requests allowing them to execute arbitrary commands to the vulnerable version of bash.

CVE:
CVE-2014-6277
CVE-2014-6278
CVE-2014-7169
CVE-2014-7186
CVE-2014-7187

To check if your bash is vulnerable please use the following bash commands

 

env X='() { (a)=>\' bash -c "echo date"; cat echo
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"



Exploiting a clients webserver

Exploiting a clients webserver

Shell Shock testing for vulnerability

Shell Shock testing for vulnerability