Protect Servers Against the Shellshock Bash Vulnerability


Shellshock

Shellshock explained
A vulnerability in GNU’s bash shell that gives attackers access to run remote commands on a vulnerable system. If server has not updated bash in since Tue Sep 30 2014: 1:32PM, you’re most definitely vulnerable and have been since first boot. it affects versions 1.14 to the most recent version 4.3 according to NVD.

You can use the below code to test the vulnerability and learn to patch it

Exploit 1
Try running the following command in a shell.

 env x='() { :;}; echo vulnerable' bash -c "echo this is a test" 

If you see “vulnerable” you need to update the bash.

Exploit 2
Even after upgrading bash you may still be vulnerable to this exploit. Try running the following code.

 env X='() { (shellshocker.net)=>\' bash -c "echo date"; cat echo;  rm ./echo  

If the above command outputs the current date (it may also show errors), you are still vulnerable.

Exploit 3

Here is another variation of the exploit. Please leave a comment below if you know the CVE of this exploit.

 env X=' () { }; echo hello' bash -c 'date' 

If the above command outputs “hello”, you are vulnerable.
Exploit 4

 bash -c 'true < echo "CVE-2014-7186 vulnerable, redir_stack"

A vulnerable system will echo the text “CVE-2014-7186 vulnerable, redir_stack”.
Exploit 5

(for x in {1..200} ; do echo "for x$x in ; do :"; done; for x in {1..200} ; do echo done ; done) | bash ||
echo "CVE-2014-7187 vulnerable, word_lineno"

A vulnerable system will echo the text “CVE-2014-7187 vulnerable, word_lineno”.
Exploit 6

 shellshocker='() { echo You are vulnerable; }' bash -c shellshocker

You shouldn’t see “You are vulnerable”, if you’re patched you will see “bash: shellshocker: command not found”
Exploit 7 (CVE-2014-6277)

 bash -c "f() { x() { _;}; x() { _;} <<a; }" 2>/dev/null || echo vulnerable 

If the command outputs “vulnerable”, you are vulnerable.

How  to fix Shellshock

Here’s how that’s done:
For centOS

yum update bash -y 

For Ubuntu

sudo apt-get update && sudo apt-get install --only-upgrade bash

For Arch Linux:

pacman -Syu
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

Up ↑

%d bloggers like this: