One of the most critical bugs to come out in the last decade was Shellshock, a vulnerability that allows attackers to execute arbitrary code remotely via the Unix Bash shell. Shellshock is still a very real threat, especially for unpatched systems. It affected most versions of Linux and UNIX-based OSes. Nowadays, you will find this vulnerability in many CTF challenges, so this article can help you find a way by exploiting this vulnerability.

It is a security bug in the Unix Bash shell that causes Bash to unintentionally execute commands from environment variables. The vulnerability relies on the fact that Bash incorrectly executes trailing commands when it imports a function definition stored in an environment variable. Therefore, an attacker can execute arbitrary commands on the system, or exploit other bugs that may exist in Bash's command interpreter, if the attacker has a way to manipulate the environment variable list.

Upon running the above command, an affected version of bash will output “vulnerable”.

Shellshock is actually an entire family of vulnerabilities consisting of multiple exploitation vectors. In this guide, we will be exploiting the mod_cgi module that is part of the Apache HTTP Server.

For this article, I'll be using a boot2root machine, "Sumo:1", from Vulnhub. I've also posted a detailed writeup for this machine; you can find it here. On running a quick nikto scan, we can see that this machine is vulnerable to the Shellshock vulnerability.
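A defender's view of the mod_cgi vector, as an added example that is not part of the original article: mod_cgi hands request headers to the CGI process as environment variables, so a header value carrying Bash's function-definition prefix `() {` is what to look for in the access log. The log lines, addresses and the `CGI_HINT` path pattern are constructed assumptions.

```python
import re

# Apache "combined" format:
# host ident user [time] "request" status bytes "referer" "user-agent"
COMBINED = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>(?:[^"\\]|\\.)*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"$'
)
# Bash imports an environment value as a function when it begins with "() {".
# Whitespace is matched loosely so lightly altered probes are still flagged.
MARKER = re.compile(r"\(\s*\)\s*\{")
# Assumption: CGI scripts live under /cgi-bin/ or end in .cgi/.sh/.pl.
CGI_HINT = re.compile(r"/cgi-bin/|\.(?:cgi|sh|pl)(?:$|\?)")

# Constructed sample log lines (documentation-range addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /cgi-bin/test HTTP/1.1" 200 17 "-" "() { :; }; echo constructed-probe"',
    '198.51.100.7 - - [10/Oct/2023:13:56:05 +0000] "GET /index.html HTTP/1.1" 404 209 "() { :;}; echo constructed-probe" "curl/7.0"',
    '192.0.2.44 - - [10/Oct/2023:13:57:12 +0000] "GET /a.cgi?q=1 HTTP/1.1" 200 90 "-" "Mozilla/5.0 (X11; Linux x86_64) (KHTML, like Gecko)"',
]

def scan(lines):
    """Return one finding per log line whose logged fields carry the marker."""
    findings = []
    for number, line in enumerate(lines, 1):
        m = COMBINED.match(line.strip())
        if not m:
            continue  # not combined format: skipped rather than guessed at
        hits = [f for f in ("request", "referer", "agent") if MARKER.search(m[f])]
        if not hits:
            continue
        parts = m["request"].split(" ")
        path = parts[1] if len(parts) > 1 else ""
        findings.append({
            "line": number,
            "host": m["host"],
            "fields": hits,                      # where the marker was seen
            "path": path,
            "cgi": bool(CGI_HINT.search(path)),  # CGI targets matter most
            "status": int(m["status"]),
        })
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The combined log format records only the request line, Referer and User-Agent, so a marker sent in any other header will not show up in this scan.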