Shellshock Attack Experiment
I. Experiment description
In September, a serious vulnerability in Bash, known as Shellshock, was discovered. The vulnerability affects many systems and can be triggered either remotely or locally. In this experiment, students need to reproduce the attack to understand the vulnerability and answer some questions.
II. Background knowledge
1. What is Shellshock?
Shellshock, also known as Bashdoor, is a security vulnerability in the widely used Unix Bash shell. It was first disclosed in September. Many Internet daemons, such as web servers, use bash to handle certain commands, allowing an attacker to execute arbitrary code on a vulnerable bash version. This could allow an attacker to access the computer system without authorization. -- excerpt from Wikipedia
2. Preparation required for the experiment
Prompt installation is successful, you can query
III. Experiment content
In this experiment, we attack a Set-UID program to gain root privileges. First, make sure that you have installed a vulnerable Bash version and that /bin/sh points to /bin/bash. Compile the code below, make it a Set-UID program, and ensure that its owner is root. The system() function calls "/bin/sh -c" to run the specified command, which means that /bin/bash will be invoked, and the Shellshock vulnerability can then be used to obtain privileges.
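#include <stdio.h>
#include <stdlib.h>   /* system() */
#include <unistd.h>   /* setuid(), geteuid() */

int main(void)
{
    setuid(geteuid());      /* make real UID = effective UID */
    system("/bin/ls -l");   /* runs "/bin/sh -c", which here is /bin/bash */
    return 0;
}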
If the setuid(geteuid()) statement is removed and we try the attack again, can we still gain privileges?
It failed! This means that if the real UID and the effective UID are the same, the content defined in the environment variable is valid within the program, so the Shellshock vulnerability can be exploited. But if the two UIDs differ, the environment variable is not honored and the attack cannot be launched. This can be verified in the Bash source code (variables.c, between lines 308 and 369). Please indicate which line causes the difference, and explain why Bash was designed this way.
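As an added example (not part of the original write-up), here is a hardened counterpart to the lab program: it replaces system() with a direct execve(), so no shell ever parses the environment, and it scrubs the environment first. The allowlist and the names keep_entry and scrub_env are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Variables the child may inherit (an assumption for this example). */
static const char *const ALLOWED[] = { "TERM", "LANG", "LC_ALL", NULL };

/* 1 if entry is NAME=value with NAME on the allowlist and a value that is
 * not a Bash function import (those values start with "() {"). */
static int keep_entry(const char *entry)
{
    const char *eq = strchr(entry, '=');
    if (eq == NULL || strncmp(eq + 1, "() {", 4) == 0)
        return 0;
    size_t len = (size_t)(eq - entry);
    for (int i = 0; ALLOWED[i] != NULL; i++)
        if (strlen(ALLOWED[i]) == len && strncmp(entry, ALLOWED[i], len) == 0)
            return 1;
    return 0;
}

/* Compact a NULL-terminated environment array in place so that only entries
 * accepted by keep_entry() remain. Returns the number of entries dropped. */
int scrub_env(char **envp)
{
    int dropped = 0;
    char **out = envp;
    for (char **in = envp; *in != NULL; in++) {
        if (keep_entry(*in))
            *out++ = *in;
        else
            dropped++;
    }
    *out = NULL;
    return dropped;
}

int main(void)
{
    extern char **environ;
    char *const argv[] = { "ls", "-l", NULL };

    fprintf(stderr, "dropped %d environment entries\n", scrub_env(environ));
    /* No shell is involved: /bin/ls replaces this process directly. */
    execve("/bin/ls", argv, environ);
    perror("execve");
    return 127;
}
```

Scrubbing is defense in depth; the decisive change is that /bin/sh is never started, so a vulnerable Bash has no chance to interpret caller-controlled variables.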
IV. Experiment reflections
This is the last Linux experiment of this semester. The experiment is very simple: the Shellshock vulnerability can be used on many systems and can be triggered either remotely or locally, and in this experiment we personally reproduced the attack to understand the vulnerability. When the real UID and the effective UID are the same, the Shellshock vulnerability can be exploited, but if the two UIDs are different, the environment variable fails and the attack cannot be launched. Only by constantly discovering vulnerabilities can a system continue to improve.