SlideShare ist ein Scribd-Unternehmen logo

Shellshock

N
NatureCreature1

shell shock vulnerability

Bildung
1 von 2
Downloaden Sie, um offline zu lesen
CVE-2014-6271/Shellshock This exercise covers the exploitation of a Bash vulnerability through a CGI.  FREE  EASY Dif�culty  4082 Completed this exercise Online labs details Video Introduction This course details the exploitation of the vulnerability CVE-2014-6271. This vulnerability impacts the Bourne Again Shell "Bash". Bash is not usually available through a web application but can be indirectly exposed through a Common Gateway Interface "CGI". Fingerprinting By visiting the application with a proxy (Burp Suite or OWASP Zap), we can detect that multiple URL are accessed when the page is loaded: To exploit "Shellshock", we need to �nd a way to "talk" to Bash. This implies �nding a CGI that will use Bash. CGIs commonly use Python or Perl but it's not uncommon to �nd (on old servers), CGI written in Shell or even C. How CGIs work? When you call a CGI, the web server (Apache here) will start a new process and run the CGI. Here it will start a Bash process and run the CGI script. Apache needs to pass information to the CGI script. To do so, it uses environment variables. Environment variables are available inside the CGI script. It allows Apache to easily pass every headers (amongst other information) to the CGI. If you have a HTTP header named Blah in your request, you will have an environment variable named HTTP_BLAH available in your CGI. The vulnerability Here, we are going to focus on the �rst version of the vulnerability but many more vulnerabilities in the same subpart of Bash have been found since: CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187... The source of the issue is that Bash can have internal function declaration in its environment variable. The �rst version of the vulnerability is related to the ability to run arbitrary commands after a function declaration.  You can quickly test this by replacing the call to `uptime` by a call to `env` in the CGI. Then if you call this script with arbitrary header, you should see them in the page. PentesterLab: Learn Web App Pentesting! https://pentesterlab.com/exercises/cve-2014-62... 1 of 2 2020-04-02 12:11
PentesterLab: Learn Web App Pentesting! https://pentesterlab.com/exercises/cve-2014-62... 2 of 2 2020-04-02 12:11

Empfohlen

Building RESTful APIs w/ Grape
Building RESTful APIs w/ GrapeBuilding RESTful APIs w/ Grape
Building RESTful APIs w/ GrapeDaniel Doubrovkine
 
Scale your PHP application with Elastic Beanstalk - CloudParty Genova
Scale your PHP application with Elastic Beanstalk - CloudParty GenovaScale your PHP application with Elastic Beanstalk - CloudParty Genova
Scale your PHP application with Elastic Beanstalk - CloudParty GenovaCorley S.r.l.
 
Serverless in Production, an experience report (cloudXchange)
Serverless in Production, an experience report (cloudXchange)Serverless in Production, an experience report (cloudXchange)
Serverless in Production, an experience report (cloudXchange)Yan Cui
 
Serverless in production, an experience report (LNUG)
Serverless in production, an experience report (LNUG)Serverless in production, an experience report (LNUG)
Serverless in production, an experience report (LNUG)Yan Cui
 
MongoDB World 2018: Tutorial - Got Dibs? Building a Real-Time Bidding App wit...
MongoDB World 2018: Tutorial - Got Dibs? Building a Real-Time Bidding App wit...MongoDB World 2018: Tutorial - Got Dibs? Building a Real-Time Bidding App wit...
MongoDB World 2018: Tutorial - Got Dibs? Building a Real-Time Bidding App wit...MongoDB
 
Integration Testing With Cucumber How To Test Anything J A O O 2009
Integration Testing With Cucumber How To Test Anything J A O O 2009Integration Testing With Cucumber How To Test Anything J A O O 2009
Integration Testing With Cucumber How To Test Anything J A O O 2009Dr Nic Williams
 
Dockerize node.js application
Dockerize node.js applicationDockerize node.js application
Dockerize node.js applicationSeokjun Kim
 
Building an API using Grape
Building an API using GrapeBuilding an API using Grape
Building an API using Grapevisnu priya
 

Empfohlen

Building RESTful APIs w/ Grape
Building RESTful APIs w/ GrapeBuilding RESTful APIs w/ Grape
Building RESTful APIs w/ GrapeDaniel Doubrovkine
 
Scale your PHP application with Elastic Beanstalk - CloudParty Genova
Scale your PHP application with Elastic Beanstalk - CloudParty GenovaScale your PHP application with Elastic Beanstalk - CloudParty Genova
Scale your PHP application with Elastic Beanstalk - CloudParty GenovaCorley S.r.l.
 
Serverless in Production, an experience report (cloudXchange)
Serverless in Production, an experience report (cloudXchange)Serverless in Production, an experience report (cloudXchange)
Serverless in Production, an experience report (cloudXchange)Yan Cui
 
Serverless in production, an experience report (LNUG)
Serverless in production, an experience report (LNUG)Serverless in production, an experience report (LNUG)
Serverless in production, an experience report (LNUG)Yan Cui
 
MongoDB World 2018: Tutorial - Got Dibs? Building a Real-Time Bidding App wit...
MongoDB World 2018: Tutorial - Got Dibs? Building a Real-Time Bidding App wit...MongoDB World 2018: Tutorial - Got Dibs? Building a Real-Time Bidding App wit...
MongoDB World 2018: Tutorial - Got Dibs? Building a Real-Time Bidding App wit...MongoDB
 
Integration Testing With Cucumber How To Test Anything J A O O 2009
Integration Testing With Cucumber How To Test Anything J A O O 2009Integration Testing With Cucumber How To Test Anything J A O O 2009
Integration Testing With Cucumber How To Test Anything J A O O 2009Dr Nic Williams
 
Dockerize node.js application
Dockerize node.js applicationDockerize node.js application
Dockerize node.js applicationSeokjun Kim
 
Building an API using Grape
Building an API using GrapeBuilding an API using Grape
Building an API using Grapevisnu priya
 
End to-end testing from rookie to pro
End to-end testing from rookie to proEnd to-end testing from rookie to pro
End to-end testing from rookie to proDomenico Gemoli
 
Command Box ColdFusion Package Manager, Automation
Command Box ColdFusion Package Manager, AutomationCommand Box ColdFusion Package Manager, Automation
Command Box ColdFusion Package Manager, AutomationColdFusionConference
 
Automated acceptance test
Automated acceptance testAutomated acceptance test
Automated acceptance testBryan Liu
 
Docker Docker Docker Chef
Docker Docker Docker ChefDocker Docker Docker Chef
Docker Docker Docker ChefSean OMeara
 
Lessons learned from a huge Rails app - RubyConf Brasil 2019
Lessons learned from a huge Rails app - RubyConf Brasil 2019Lessons learned from a huge Rails app - RubyConf Brasil 2019
Lessons learned from a huge Rails app - RubyConf Brasil 2019Nahuel Garbezza
 
stackconf 2020 | Enterprise CI/CD Integration Testing Environments Done Right...
stackconf 2020 | Enterprise CI/CD Integration Testing Environments Done Right...stackconf 2020 | Enterprise CI/CD Integration Testing Environments Done Right...
stackconf 2020 | Enterprise CI/CD Integration Testing Environments Done Right...NETWAYS
 
OSCamp 2019 | #3 Ansible: Automated Tests of Ansible code with GitLab, Vagran...
OSCamp 2019 | #3 Ansible: Automated Tests of Ansible code with GitLab, Vagran...OSCamp 2019 | #3 Ansible: Automated Tests of Ansible code with GitLab, Vagran...
OSCamp 2019 | #3 Ansible: Automated Tests of Ansible code with GitLab, Vagran...NETWAYS
 
Deploy made easy (even on Friday)
Deploy made easy (even on Friday)Deploy made easy (even on Friday)
Deploy made easy (even on Friday)Riccardo Bini
 
Increase eZ Power With EzCoreExtraBundle (presented by Jérôme Vieilledent at ...
Increase eZ Power With EzCoreExtraBundle (presented by Jérôme Vieilledent at ...Increase eZ Power With EzCoreExtraBundle (presented by Jérôme Vieilledent at ...
Increase eZ Power With EzCoreExtraBundle (presented by Jérôme Vieilledent at ...eZ Systems
 
Docker jako prostředí pro automatizaci testů
Docker jako prostředí pro automatizaci testůDocker jako prostředí pro automatizaci testů
Docker jako prostředí pro automatizaci testůRadim Daniel Pánek
 
How Symfony Changed My Life
How Symfony Changed My LifeHow Symfony Changed My Life
How Symfony Changed My LifeMatthias Noback
 
ATDD with Behat and Selenium (LDNSE6)
ATDD with Behat and Selenium (LDNSE6)ATDD with Behat and Selenium (LDNSE6)
ATDD with Behat and Selenium (LDNSE6)Shashikant Jagtap
 
Laravel Forge: Hello World to Hello Production
Laravel Forge: Hello World to Hello ProductionLaravel Forge: Hello World to Hello Production
Laravel Forge: Hello World to Hello ProductionJoe Ferguson
 
Concurrent Ruby Application Servers
Concurrent Ruby Application ServersConcurrent Ruby Application Servers
Concurrent Ruby Application ServersLin Jen-Shin
 
Streamlining API with Swagger.io
Streamlining API with Swagger.ioStreamlining API with Swagger.io
Streamlining API with Swagger.ioVictor Augusteo
 
Hand Crafted Artisanal Chef Resources
Hand Crafted Artisanal Chef ResourcesHand Crafted Artisanal Chef Resources
Hand Crafted Artisanal Chef ResourcesSean OMeara
 
Dependency Injection
Dependency InjectionDependency Injection
Dependency InjectionColdFusionConference
 
Automate Thyself
Automate ThyselfAutomate Thyself
Automate ThyselfOrtus Solutions, Corp
 
Ruby on rails integration testing with minitest and capybara
Ruby on rails integration testing with minitest and capybaraRuby on rails integration testing with minitest and capybara
Ruby on rails integration testing with minitest and capybaraAndolasoft Inc
 
One commit, one release. Continuously delivering a Symfony project.
One commit, one release. Continuously delivering a Symfony project.One commit, one release. Continuously delivering a Symfony project.
One commit, one release. Continuously delivering a Symfony project.Javier López
 
Introduction to Groovy Monkey
Introduction to Groovy MonkeyIntroduction to Groovy Monkey
Introduction to Groovy Monkeyjervin
 
Shellshock- from bug towards vulnerability
Shellshock- from bug towards vulnerabilityShellshock- from bug towards vulnerability
Shellshock- from bug towards vulnerabilityUT, San Antonio
 

Weitere ähnliche Inhalte

Was ist angesagt?

End to-end testing from rookie to pro
End to-end testing from rookie to proEnd to-end testing from rookie to pro
End to-end testing from rookie to proDomenico Gemoli
 
Command Box ColdFusion Package Manager, Automation
Command Box ColdFusion Package Manager, AutomationCommand Box ColdFusion Package Manager, Automation
Command Box ColdFusion Package Manager, AutomationColdFusionConference
 
Automated acceptance test
Automated acceptance testAutomated acceptance test
Automated acceptance testBryan Liu
 
Docker Docker Docker Chef
Docker Docker Docker ChefDocker Docker Docker Chef
Docker Docker Docker ChefSean OMeara
 
Lessons learned from a huge Rails app - RubyConf Brasil 2019
Lessons learned from a huge Rails app - RubyConf Brasil 2019Lessons learned from a huge Rails app - RubyConf Brasil 2019
Lessons learned from a huge Rails app - RubyConf Brasil 2019Nahuel Garbezza
 
stackconf 2020 | Enterprise CI/CD Integration Testing Environments Done Right...
stackconf 2020 | Enterprise CI/CD Integration Testing Environments Done Right...stackconf 2020 | Enterprise CI/CD Integration Testing Environments Done Right...
stackconf 2020 | Enterprise CI/CD Integration Testing Environments Done Right...NETWAYS
 
OSCamp 2019 | #3 Ansible: Automated Tests of Ansible code with GitLab, Vagran...
OSCamp 2019 | #3 Ansible: Automated Tests of Ansible code with GitLab, Vagran...OSCamp 2019 | #3 Ansible: Automated Tests of Ansible code with GitLab, Vagran...
OSCamp 2019 | #3 Ansible: Automated Tests of Ansible code with GitLab, Vagran...NETWAYS
 
Deploy made easy (even on Friday)
Deploy made easy (even on Friday)Deploy made easy (even on Friday)
Deploy made easy (even on Friday)Riccardo Bini
 
Increase eZ Power With EzCoreExtraBundle (presented by Jérôme Vieilledent at ...
Increase eZ Power With EzCoreExtraBundle (presented by Jérôme Vieilledent at ...Increase eZ Power With EzCoreExtraBundle (presented by Jérôme Vieilledent at ...
Increase eZ Power With EzCoreExtraBundle (presented by Jérôme Vieilledent at ...eZ Systems
 
Docker jako prostředí pro automatizaci testů
Docker jako prostředí pro automatizaci testůDocker jako prostředí pro automatizaci testů
Docker jako prostředí pro automatizaci testůRadim Daniel Pánek
 
How Symfony Changed My Life
How Symfony Changed My LifeHow Symfony Changed My Life
How Symfony Changed My LifeMatthias Noback
 
ATDD with Behat and Selenium (LDNSE6)
ATDD with Behat and Selenium (LDNSE6)ATDD with Behat and Selenium (LDNSE6)
ATDD with Behat and Selenium (LDNSE6)Shashikant Jagtap
 
Laravel Forge: Hello World to Hello Production
Laravel Forge: Hello World to Hello ProductionLaravel Forge: Hello World to Hello Production
Laravel Forge: Hello World to Hello ProductionJoe Ferguson
 
Concurrent Ruby Application Servers
Concurrent Ruby Application ServersConcurrent Ruby Application Servers
Concurrent Ruby Application ServersLin Jen-Shin
 
Streamlining API with Swagger.io
Streamlining API with Swagger.ioStreamlining API with Swagger.io
Streamlining API with Swagger.ioVictor Augusteo
 
Hand Crafted Artisanal Chef Resources
Hand Crafted Artisanal Chef ResourcesHand Crafted Artisanal Chef Resources
Hand Crafted Artisanal Chef ResourcesSean OMeara
 
Ruby on rails integration testing with minitest and capybara
Ruby on rails integration testing with minitest and capybaraRuby on rails integration testing with minitest and capybara
Ruby on rails integration testing with minitest and capybaraAndolasoft Inc
 
One commit, one release. Continuously delivering a Symfony project.
One commit, one release. Continuously delivering a Symfony project.One commit, one release. Continuously delivering a Symfony project.
One commit, one release. Continuously delivering a Symfony project.Javier López
 

Was ist angesagt? (20)

End to-end testing from rookie to pro
End to-end testing from rookie to proEnd to-end testing from rookie to pro
End to-end testing from rookie to pro
 
Command Box ColdFusion Package Manager, Automation
Command Box ColdFusion Package Manager, AutomationCommand Box ColdFusion Package Manager, Automation
Command Box ColdFusion Package Manager, Automation
 
Automated acceptance test
Automated acceptance testAutomated acceptance test
Automated acceptance test
 
Docker Docker Docker Chef
Docker Docker Docker ChefDocker Docker Docker Chef
Docker Docker Docker Chef
 
Lessons learned from a huge Rails app - RubyConf Brasil 2019
Lessons learned from a huge Rails app - RubyConf Brasil 2019Lessons learned from a huge Rails app - RubyConf Brasil 2019
Lessons learned from a huge Rails app - RubyConf Brasil 2019
 
stackconf 2020 | Enterprise CI/CD Integration Testing Environments Done Right...
stackconf 2020 | Enterprise CI/CD Integration Testing Environments Done Right...stackconf 2020 | Enterprise CI/CD Integration Testing Environments Done Right...
stackconf 2020 | Enterprise CI/CD Integration Testing Environments Done Right...
 
OSCamp 2019 | #3 Ansible: Automated Tests of Ansible code with GitLab, Vagran...
OSCamp 2019 | #3 Ansible: Automated Tests of Ansible code with GitLab, Vagran...OSCamp 2019 | #3 Ansible: Automated Tests of Ansible code with GitLab, Vagran...
OSCamp 2019 | #3 Ansible: Automated Tests of Ansible code with GitLab, Vagran...
 
Deploy made easy (even on Friday)
Deploy made easy (even on Friday)Deploy made easy (even on Friday)
Deploy made easy (even on Friday)
 
Increase eZ Power With EzCoreExtraBundle (presented by Jérôme Vieilledent at ...
Increase eZ Power With EzCoreExtraBundle (presented by Jérôme Vieilledent at ...Increase eZ Power With EzCoreExtraBundle (presented by Jérôme Vieilledent at ...
Increase eZ Power With EzCoreExtraBundle (presented by Jérôme Vieilledent at ...
 
Docker jako prostředí pro automatizaci testů
Docker jako prostředí pro automatizaci testůDocker jako prostředí pro automatizaci testů
Docker jako prostředí pro automatizaci testů
 
How Symfony Changed My Life
How Symfony Changed My LifeHow Symfony Changed My Life
How Symfony Changed My Life
 
ATDD with Behat and Selenium (LDNSE6)
ATDD with Behat and Selenium (LDNSE6)ATDD with Behat and Selenium (LDNSE6)
ATDD with Behat and Selenium (LDNSE6)
 
Laravel Forge: Hello World to Hello Production
Laravel Forge: Hello World to Hello ProductionLaravel Forge: Hello World to Hello Production
Laravel Forge: Hello World to Hello Production
 
Concurrent Ruby Application Servers
Concurrent Ruby Application ServersConcurrent Ruby Application Servers
Concurrent Ruby Application Servers
 
Streamlining API with Swagger.io
Streamlining API with Swagger.ioStreamlining API with Swagger.io
Streamlining API with Swagger.io
 
Hand Crafted Artisanal Chef Resources
Hand Crafted Artisanal Chef ResourcesHand Crafted Artisanal Chef Resources
Hand Crafted Artisanal Chef Resources
 
Dependency Injection
Dependency InjectionDependency Injection
Dependency Injection
 
Automate Thyself
Automate ThyselfAutomate Thyself
Automate Thyself
 
Ruby on rails integration testing with minitest and capybara
Ruby on rails integration testing with minitest and capybaraRuby on rails integration testing with minitest and capybara
Ruby on rails integration testing with minitest and capybara
 
One commit, one release. Continuously delivering a Symfony project.
One commit, one release. Continuously delivering a Symfony project.One commit, one release. Continuously delivering a Symfony project.
One commit, one release. Continuously delivering a Symfony project.
 

Ähnlich wie Shellshock

Introduction to Groovy Monkey
Introduction to Groovy MonkeyIntroduction to Groovy Monkey
Introduction to Groovy Monkeyjervin
 
Shellshock- from bug towards vulnerability
Shellshock- from bug towards vulnerabilityShellshock- from bug towards vulnerability
Shellshock- from bug towards vulnerabilityUT, San Antonio
 
ShellShock (Software BASH Bug)
ShellShock (Software BASH Bug)ShellShock (Software BASH Bug)
ShellShock (Software BASH Bug)ViSolve, Inc.
 
2022 APIsecure_Hacking APIs 101 with MindAPI
2022 APIsecure_Hacking APIs 101 with MindAPI2022 APIsecure_Hacking APIs 101 with MindAPI
2022 APIsecure_Hacking APIs 101 with MindAPIAPIsecure_ Official
 
2016 05-cloudsoft-amp-and-brooklyn-new
2016 05-cloudsoft-amp-and-brooklyn-new2016 05-cloudsoft-amp-and-brooklyn-new
2016 05-cloudsoft-amp-and-brooklyn-newBradDesAulniers2
 
The bash vulnerability practical tips to secure your environment
The bash vulnerability practical tips to secure your environmentThe bash vulnerability practical tips to secure your environment
The bash vulnerability practical tips to secure your environmentAlienVault
 
PVS-Studio in the Clouds: Travis CI
PVS-Studio in the Clouds: Travis CIPVS-Studio in the Clouds: Travis CI
PVS-Studio in the Clouds: Travis CIAndrey Karpov
 
Laravel Forge: Hello World to Hello Production
Laravel Forge: Hello World to Hello ProductionLaravel Forge: Hello World to Hello Production
Laravel Forge: Hello World to Hello ProductionJoe Ferguson
 
document.pptx
document.pptxdocument.pptx
document.pptxjosephLak
 
Apache Sling Scripting Reloaded
Apache Sling Scripting ReloadedApache Sling Scripting Reloaded
Apache Sling Scripting ReloadedRadu Cotescu
 
Custom Buildpacks and Data Services
Custom Buildpacks and Data ServicesCustom Buildpacks and Data Services
Custom Buildpacks and Data ServicesTom Kranz
 
Python Flask app deployed to OPenShift using Wercker CI
Python Flask app deployed to OPenShift using Wercker CIPython Flask app deployed to OPenShift using Wercker CI
Python Flask app deployed to OPenShift using Wercker CIBruno Rocha
 
How to create a multi tenancy for an interactive data analysis
How to create a multi tenancy for an interactive data analysisHow to create a multi tenancy for an interactive data analysis
How to create a multi tenancy for an interactive data analysisTiago Simões
 
Shellshock - A Software Bug
Shellshock - A Software BugShellshock - A Software Bug
Shellshock - A Software Bugvwchu
 
AWS CodeDeploy - basic intro
AWS CodeDeploy - basic introAWS CodeDeploy - basic intro
AWS CodeDeploy - basic introAnton Babenko
 
All the Laravel things: up and running to making $$
All the Laravel things: up and running to making $$All the Laravel things: up and running to making $$
All the Laravel things: up and running to making $$Joe Ferguson
 
Virtualize and automate your development environment for fun and profit
Virtualize and automate your development environment for fun and profitVirtualize and automate your development environment for fun and profit
Virtualize and automate your development environment for fun and profitAndreas Heim
 
Using OSGi for script deployment in Apache Sling
Using OSGi for script deployment in Apache SlingUsing OSGi for script deployment in Apache Sling
Using OSGi for script deployment in Apache SlingRadu Cotescu
 
Cloud Automation with Opscode Chef
Cloud Automation with Opscode ChefCloud Automation with Opscode Chef
Cloud Automation with Opscode ChefSri Ram
 

Ähnlich wie Shellshock (20)

Introduction to Groovy Monkey
Introduction to Groovy MonkeyIntroduction to Groovy Monkey
Introduction to Groovy Monkey
 
Shellshock- from bug towards vulnerability
Shellshock- from bug towards vulnerabilityShellshock- from bug towards vulnerability
Shellshock- from bug towards vulnerability
 
ShellShock (Software BASH Bug)
ShellShock (Software BASH Bug)ShellShock (Software BASH Bug)
ShellShock (Software BASH Bug)
 
2022 APIsecure_Hacking APIs 101 with MindAPI
2022 APIsecure_Hacking APIs 101 with MindAPI2022 APIsecure_Hacking APIs 101 with MindAPI
2022 APIsecure_Hacking APIs 101 with MindAPI
 
2016 05-cloudsoft-amp-and-brooklyn-new
2016 05-cloudsoft-amp-and-brooklyn-new2016 05-cloudsoft-amp-and-brooklyn-new
2016 05-cloudsoft-amp-and-brooklyn-new
 
Vagrant
VagrantVagrant
Vagrant
 
The bash vulnerability practical tips to secure your environment
The bash vulnerability practical tips to secure your environmentThe bash vulnerability practical tips to secure your environment
The bash vulnerability practical tips to secure your environment
 
PVS-Studio in the Clouds: Travis CI
PVS-Studio in the Clouds: Travis CIPVS-Studio in the Clouds: Travis CI
PVS-Studio in the Clouds: Travis CI
 
Laravel Forge: Hello World to Hello Production
Laravel Forge: Hello World to Hello ProductionLaravel Forge: Hello World to Hello Production
Laravel Forge: Hello World to Hello Production
 
document.pptx
document.pptxdocument.pptx
document.pptx
 
Apache Sling Scripting Reloaded
Apache Sling Scripting ReloadedApache Sling Scripting Reloaded
Apache Sling Scripting Reloaded
 
Custom Buildpacks and Data Services
Custom Buildpacks and Data ServicesCustom Buildpacks and Data Services
Custom Buildpacks and Data Services
 
Python Flask app deployed to OPenShift using Wercker CI
Python Flask app deployed to OPenShift using Wercker CIPython Flask app deployed to OPenShift using Wercker CI
Python Flask app deployed to OPenShift using Wercker CI
 
How to create a multi tenancy for an interactive data analysis
How to create a multi tenancy for an interactive data analysisHow to create a multi tenancy for an interactive data analysis
How to create a multi tenancy for an interactive data analysis
 
Shellshock - A Software Bug
Shellshock - A Software BugShellshock - A Software Bug
Shellshock - A Software Bug
 
AWS CodeDeploy - basic intro
AWS CodeDeploy - basic introAWS CodeDeploy - basic intro
AWS CodeDeploy - basic intro
 
All the Laravel things: up and running to making $$
All the Laravel things: up and running to making $$All the Laravel things: up and running to making $$
All the Laravel things: up and running to making $$
 
Virtualize and automate your development environment for fun and profit
Virtualize and automate your development environment for fun and profitVirtualize and automate your development environment for fun and profit
Virtualize and automate your development environment for fun and profit
 
Using OSGi for script deployment in Apache Sling
Using OSGi for script deployment in Apache SlingUsing OSGi for script deployment in Apache Sling
Using OSGi for script deployment in Apache Sling
 
Cloud Automation with Opscode Chef
Cloud Automation with Opscode ChefCloud Automation with Opscode Chef
Cloud Automation with Opscode Chef
 

Kürzlich hochgeladen

Reading and Writing Skills 11 quarter 4 melc 1
Reading and Writing Skills 11 quarter 4 melc 1Reading and Writing Skills 11 quarter 4 melc 1
Reading and Writing Skills 11 quarter 4 melc 1GloryAnnCastre1
 
Multi Domain Alias In the Odoo 17 ERP Module
Multi Domain Alias In the Odoo 17 ERP ModuleMulti Domain Alias In the Odoo 17 ERP Module
Multi Domain Alias In the Odoo 17 ERP ModuleCeline George
 
4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptxmary850239
 
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfGrade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfJemuel Francisco
 
Grade Three -ELLNA-REVIEWER-ENGLISH.pptx
Grade Three -ELLNA-REVIEWER-ENGLISH.pptxGrade Three -ELLNA-REVIEWER-ENGLISH.pptx
Grade Three -ELLNA-REVIEWER-ENGLISH.pptxkarenfajardo43
 
4.11.24 Mass Incarceration and the New Jim Crow.pptx
4.11.24 Mass Incarceration and the New Jim Crow.pptx4.11.24 Mass Incarceration and the New Jim Crow.pptx
4.11.24 Mass Incarceration and the New Jim Crow.pptxmary850239
 
DIFFERENT BASKETRY IN THE PHILIPPINES PPT.pptx
DIFFERENT BASKETRY IN THE PHILIPPINES PPT.pptxDIFFERENT BASKETRY IN THE PHILIPPINES PPT.pptx
DIFFERENT BASKETRY IN THE PHILIPPINES PPT.pptxMichelleTuguinay1
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)lakshayb543
 
4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptxmary850239
 
Team Lead Succeed – Helping you and your team achieve high-performance teamwo...
Team Lead Succeed – Helping you and your team achieve high-performance teamwo...Team Lead Succeed – Helping you and your team achieve high-performance teamwo...
Team Lead Succeed – Helping you and your team achieve high-performance teamwo...Association for Project Management
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxHumphrey A Beña
 
week 1 cookery 8 fourth - quarter .pptx
week 1 cookery 8 fourth - quarter .pptxweek 1 cookery 8 fourth - quarter .pptx
week 1 cookery 8 fourth - quarter .pptxJonalynLegaspi2
 
Scientific Writing :Research Discourse
Scientific Writing :Research DiscourseScientific Writing :Research Discourse
Scientific Writing :Research DiscourseAnita GoswamiGiri
 
ROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptxROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptxVanesaIglesias10
 
How to Fix XML SyntaxError in Odoo the 17
How to Fix XML SyntaxError in Odoo the 17How to Fix XML SyntaxError in Odoo the 17
How to Fix XML SyntaxError in Odoo the 17Celine George
 
Active Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfActive Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfPatidar M
 
Unraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptx
Unraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptxUnraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptx
Unraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptxDhatriParmar
 

Kürzlich hochgeladen (20)

Reading and Writing Skills 11 quarter 4 melc 1
Reading and Writing Skills 11 quarter 4 melc 1Reading and Writing Skills 11 quarter 4 melc 1
Reading and Writing Skills 11 quarter 4 melc 1
 
Multi Domain Alias In the Odoo 17 ERP Module
Multi Domain Alias In the Odoo 17 ERP ModuleMulti Domain Alias In the Odoo 17 ERP Module
Multi Domain Alias In the Odoo 17 ERP Module
 
4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx
 
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfGrade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
 
Grade Three -ELLNA-REVIEWER-ENGLISH.pptx
Grade Three -ELLNA-REVIEWER-ENGLISH.pptxGrade Three -ELLNA-REVIEWER-ENGLISH.pptx
Grade Three -ELLNA-REVIEWER-ENGLISH.pptx
 
4.11.24 Mass Incarceration and the New Jim Crow.pptx
4.11.24 Mass Incarceration and the New Jim Crow.pptx4.11.24 Mass Incarceration and the New Jim Crow.pptx
4.11.24 Mass Incarceration and the New Jim Crow.pptx
 
DIFFERENT BASKETRY IN THE PHILIPPINES PPT.pptx
DIFFERENT BASKETRY IN THE PHILIPPINES PPT.pptxDIFFERENT BASKETRY IN THE PHILIPPINES PPT.pptx
DIFFERENT BASKETRY IN THE PHILIPPINES PPT.pptx
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
 
4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx
 
Paradigm shift in nursing research by RS MEHTA
Paradigm shift in nursing research by RS MEHTAParadigm shift in nursing research by RS MEHTA
Paradigm shift in nursing research by RS MEHTA
 
Team Lead Succeed – Helping you and your team achieve high-performance teamwo...
Team Lead Succeed – Helping you and your team achieve high-performance teamwo...Team Lead Succeed – Helping you and your team achieve high-performance teamwo...
Team Lead Succeed – Helping you and your team achieve high-performance teamwo...
 
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptxINTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
INTRODUCTION TO CATHOLIC CHRISTOLOGY.pptx
 
week 1 cookery 8 fourth - quarter .pptx
week 1 cookery 8 fourth - quarter .pptxweek 1 cookery 8 fourth - quarter .pptx
week 1 cookery 8 fourth - quarter .pptx
 
Faculty Profile prashantha K EEE dept Sri Sairam college of Engineering
Faculty Profile prashantha K EEE dept Sri Sairam college of EngineeringFaculty Profile prashantha K EEE dept Sri Sairam college of Engineering
Faculty Profile prashantha K EEE dept Sri Sairam college of Engineering
 
Scientific Writing :Research Discourse
Scientific Writing :Research DiscourseScientific Writing :Research Discourse
Scientific Writing :Research Discourse
 
ROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptxROLES IN A STAGE PRODUCTION in arts.pptx
ROLES IN A STAGE PRODUCTION in arts.pptx
 
prashanth updated resume 2024 for Teaching Profession
prashanth updated resume 2024 for Teaching Professionprashanth updated resume 2024 for Teaching Profession
prashanth updated resume 2024 for Teaching Profession
 
How to Fix XML SyntaxError in Odoo the 17
How to Fix XML SyntaxError in Odoo the 17How to Fix XML SyntaxError in Odoo the 17
How to Fix XML SyntaxError in Odoo the 17
 
Active Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdfActive Learning Strategies (in short ALS).pdf
Active Learning Strategies (in short ALS).pdf
 
Unraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptx
Unraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptxUnraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptx
Unraveling Hypertext_ Analyzing Postmodern Elements in Literature.pptx
 

Shellshock

  • 1. CVE-2014-6271/Shellshock This exercise covers the exploitation of a Bash vulnerability through a CGI.  FREE  EASY Dif�culty  4082 Completed this exercise Online labs details Video Introduction This course details the exploitation of the vulnerability CVE-2014-6271. This vulnerability impacts the Bourne Again Shell "Bash". Bash is not usually available through a web application but can be indirectly exposed through a Common Gateway Interface "CGI". Fingerprinting By visiting the application with a proxy (Burp Suite or OWASP Zap), we can detect that multiple URL are accessed when the page is loaded: To exploit "Shellshock", we need to �nd a way to "talk" to Bash. This implies �nding a CGI that will use Bash. CGIs commonly use Python or Perl but it's not uncommon to �nd (on old servers), CGI written in Shell or even C. How CGIs work? When you call a CGI, the web server (Apache here) will start a new process and run the CGI. Here it will start a Bash process and run the CGI script. Apache needs to pass information to the CGI script. To do so, it uses environment variables. Environment variables are available inside the CGI script. It allows Apache to easily pass every headers (amongst other information) to the CGI. If you have a HTTP header named Blah in your request, you will have an environment variable named HTTP_BLAH available in your CGI. The vulnerability Here, we are going to focus on the �rst version of the vulnerability but many more vulnerabilities in the same subpart of Bash have been found since: CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187... The source of the issue is that Bash can have internal function declaration in its environment variable. The �rst version of the vulnerability is related to the ability to run arbitrary commands after a function declaration.  You can quickly test this by replacing the call to `uptime` by a call to `env` in the CGI. Then if you call this script with arbitrary header, you should see them in the page. PentesterLab: Learn Web App Pentesting! https://pentesterlab.com/exercises/cve-2014-62... 1 of 2 2020-04-02 12:11
  • 2. PentesterLab: Learn Web App Pentesting! https://pentesterlab.com/exercises/cve-2014-62... 2 of 2 2020-04-02 12:11