CVE-2014-7169

CVE-2014-7169 Shell Shock

SHELL-SCHOCK CVE-2014-7169 Shell Shock

Exploits written.

Exploits OpenSSL Alternative Chains Certificate Forgery MITM Proxy The X509_verify_cert function in crypto/x509/x509_vfyc in OpenSSL 101n, 101o, 102b, and 102c does not properly process X509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended

This module determine the vulnerability of a bash binary to the shellshock exploits (CVE-2014-6271 or CVE-2014-7169) and then patch that where possible

This module determine the vulnerability of a bash binary to the shellshock exploits (CVE-2014-6271 or CVE-2014-7169) and then patch that where possible Supported platforms: Debian (5, 6, 7) Ubuntus (1204 LTS, 1404 LTS, 1410) RHEL/CentOS (5, 6) Usage class {'shellshock': } Facter provided facter -p shellshock not_vulnera

A scanner to identify the shellshock vulnerability in web applications

ShellshockScan Essentialy what this scanner does is send a specially crafted http header to a website, if that website gives us a 200, 201, 202, 404, 403, 301, 302, 307 or 308 error that means it has rejected our header and therefore is unlikely to be vulnerable About Shellshock CVE-2014-6271, otherwise affectionately known as Shellshock, is potentially the most devastating vu

Totalshares is a ruby gem that provides classes and a command line tool to fetch the number of shares on various social networks of a specific webpage or an entire website.

Totalshares Totalshares is a ruby gem that provides classes(Website and Webpage) to get the number of shares of a specific webpage or an entire website on various social networks ####install > gem install totalshares Webpage 210 :001 > require 'totalshares' => true 210 :002 > webpage = Totalshares::Webpagenew "wwwthegee

This is a proof-of-prinicple for patching OS X hosts for shell shock

shellshock-Ansible This is a proof-of-prinicple to show that Ansible can be used to patch BASH on OS X Specifically for CVE-2014-6271 and CVE-2014-7169 Work in this project is based off of the posting(s) of alblue - albluebandlemcom Main reference is his evolving post applestackexchangecom/questions/146849/how-do-i-recompile-bash-to-avoid-shellshock-the-remote-exploi

ansible-shellshock This is an ansble playbook to address the bash vulnerability in CVE-2014-6271 and CVE-2014-7169 This playbook automates the remediation items from accessredhatcom/articles/1200223 HOWTO run ansible-playbook -i <hostfile> bashyml -k -K Author Alex Schultz aschultz@next-developmentcom

Wrapper for /bin/bash that mitigates 'shellshock'

bash-shellshock wrapper This is a small wrapper around /bin/bash that refuses to start bash if any environment variables start with '(' It can also be run in a log-only mode and a mode that strips these 'bad' environment variables You can install this as a temporary workaround if you don't fully trust the latest patches for CVE-2014-6271 and CVE-2014

ShellShockCheck A python script to check CVE-2014-7169 go version Install Go on your machine by following the instructions on the official website (golangorg/doc/install) Download the Shellshock-Checker code provided above and save it to your machine Open a terminal window and navigate to the directory where the code is saved Compile the code by running the command &

Update bash on lenny and later debian after shellshock

fix-bash-bug Update bash on lenny and later debian after shellshock Simple update for debian stable Add squeeze-lts repository for previous stable (should have already been there) Compile bash from source for previous previous stable (only tested with lenny) Up to patchlvel 54 for CVE-2014-7169 Up to patchlvel 55 Compile bash 32 from source for Debian Lenny to patch CVE-2014

bash-cve-2014-7169-cookbook Ensures bash 'shellshock' vulnerability is patched Based on blog post written by Julian Dunn @ Chef wwwchefio/blog/2014/09/30/detecting-repairing-shellshock-with-chef/

Detailed description and usage, see: weibocom/1363173330/BoKSHl0YE CVE-2014-6271 CVE-2014-7169 remote code execution through bash twittercom/taviso/status/514887394294652929 官方补丁不靠谱，这个修复了绕过问题。 成功patch了bash 42 版本

This will download Apple's bash source, patch it, build it, and create a pkg file for you

shellshock-patch-osx This will download Apple's bash source, patch it, build it, and create a pkg file for you, then optionally wrap it in a dmg or zip file to make distributing it easier This applies the following patches: bash32-052 - CVE-2014-6271 (aka shellshock) bash32-053 - CVE-2014-7169 (aka aftershock) bash32-054 - CVE-2014-6277 (another bash bug) Pre-requisites

Dokku on steroids (this project is no longer actively maintained)

Dokku Alternative Unmaintained, Migrate to Dokku as soon as possible Docker powered mini-Heroku The smallest PaaS implementation you've ever seen It's a fork of the original dokku The idea behind this fork is to provide complete solution with plugins covering most use-cases which are stable and well tested Features Debian-based installation and upgrade! Git de

A Salt grain to check your system for Shellshock vulnerability

This is a quick custom grain that you can add to your Salt system to check your systems for vulnerability to the Shellshock bug (CVE-2014-6271 and CVE-2014-7169) To use it, place a copy of shellshockpy in /srv/salt/_grains and then run: salt '*' saltutilsync_grains Once that has run, you should be able to tell which of your s

Apple Mac OS X bash-92 updated to 3.2.54 (shellshock patched)

This repository is deprecated since Apple released an official hotfix, referred to as the OS X bash Update 10, which updates bash to 3253 (although not 3254, aka Florian's patch) That update does seem to apply portions of Florian's patch The updated bash-9212 code is also available from Apple, and I've created a branch containing that source code Ap

Unix/Linux Hot Vulnerability mass patching tool, identifies the operating system and uses a simple repository to patch, log and manage the process

======= patchme Unix/Linux Hot Vulnerability mass patching tool, identifies the operating system and uses a simple repository to patch, log and manage the process Author: Jack Bezalel ( jackbezalelcom jackbezalelnet linkedincom/in/jackbezalel ) To use patch me you need to have this directory structure in place: /patches /patches/bin - includes all sh pr

CVE-2014-6271 A vulnerability known as "ShellShock" exists in GNU Bash through 43 due to how it processes trailing strings in the values of environment variables after function definitions This vulnerability enables remote attackers to execute arbitrary code by crafting the environment in certain situations, including when the environment is set across a privilege b

DEPRECATED: Chef cookbook to audit & remediate "Shellshock" (BASH-CVE-2014-7169)

bash-shellshock Cookbook This cookbook is designed to test and optionally remediate the bash "shellshock" bug, more formally known as cve-2014-7169 Once Chef-client has executed this recipe on one or more hosts, a list of all nodes that are vulnerable to the "Shellshock" exploit can be retrieved from the Chef server via knife search: knife search node �

In this small repository you will find my first exploit, which takes advantage of the well-known ShellShock vulnerability on a vulnerable site. Here you will find the necessary tools to use my exploit and a proof of concept (PoC).

MyExploit-ShellShock In this small repository you will find my first exploit, which takes advantage of the well-known ShellShock vulnerability on a vulnerable site Here you will find the necessary tools to use my exploit and a proof of concept (PoC) ShellShock ShellShock is a security vulnerability that affects Bash shell software used in Unix and Linux operating systems Thi

Shellshock exploit + vulnerable environment Shellshock, also known as Bashdoor, is a family of security bugs in the widely used Unix Bash shell, the first of which was disclosed on 24 September 2014 Many Internet-facing services, such as some web server deployments, use Bash to process certain requests, allowing an attacker to cause vulnerable versions of Bash to execute arbi

My own tools for easing the task of pentesting / exploit writing

sploit-tools My own tools for easing the task of pentesting / exploit writing pattern A simple Python script for replicating the functionality of pattern_createrb and pattern_offsetrb tools of the Metasploit Framework Useful for exploit writers than only have a python binary around About 25 times faster than the MSF implementation which is as slow as molasses Simply invok

Cookbook for remediating Shellshock (work in progress)

Skeleton Cookbook This cookbook is designed to test and optionally remediate the bash "shellshock" bug, more formally known as cve-2014-7169 Requirements Platform: Tested on CentOS 65 Tested on Ubuntu 1204 Cookbooks: chef_handler Attributes List attributes here Recipes cve-2014-7169::default Audits and remediates cve-2014-7169 ("Shellshock") cve-201

This will update bash bug

Shell-Shock-Update This will update bash bug How to check for shell shock bug Exploit 1 (CVE-2014-6271) env x='() { :;}; echo vulnerable' bash -c "echo this is a test" Even after udpating it may not work Exploit 2 (CVE-2014-7169) cd /tmp; env X='() { (a)=>\' bash -c "echo date"; cat echo Exploit 3 env -i X=' () { }; echo hel

Linux pentest tools

linux-pentest Linux pentest tools linuxprivcheckerpy This script is intended to be executed locally on a Linux box to enumerate basic system info and search for common privilege escalation vectors such as world writable files, misconfigurations, clear-text passwords and applicable exploits portknocksh Port knock script using nmap Requests multiple ports as variables Knocks

Shellshock-Bash-Remote-Code-Execution-Vulnerability-and-Exploitation Before moving into the shellshock vulnerability, everyone should know about the bash environment So let move on the bash When your computer boots up, kernal will identify each and every hardwares and components which are enabled Each and every computers which are using UNIX kernal they will have this shell

Dev & Test Security Chef Cookbook

mysecurity-cookbook Cookbook Sample security cookbook used for dev & test purposes Requirements 'ohai' cookbook Attributes Usage mysecurity-cookbook::default Add 'mysecurity-cookbook::default' to the run list The installed ohai plugin creates two automatic node attributes: node['languages']['bash']['version'] - Versio

Shellshock exploit + vulnerable environment

Shellshock exploit + vulnerable environment Shellshock, also known as Bashdoor, is a family of security bugs in the widely used Unix Bash shell, the first of which was disclosed on 24 September 2014 Many Internet-facing services, such as some web server deployments, use Bash to process certain requests, allowing an attacker to cause vulnerable versions of Bash to execute arbi

Shellshock CVE-2014-7169 Command Execution Laravel CVE-2018-15133 Command Execution Dependencies: phpggc, php-curl