Experimental three-Shellshock attack experiment

Shellshock Attack experiment

Shellshock Attack experiment

First, the experimental description

September 24, 2014, Bash found a serious vulnerability shellshock, which can be used on many systems and can be triggered either remotely or locally. In this experiment, students need to reproduce the attack to understand the vulnerability and answer some questions.

Ii. contents of the experiment

Environment construction

Download

# wget http://labfile.oss.aliyuncs.com/bash-4.1.tar.gz

Installation

# tar xf bash-4.1.tar.gz# cd bash-4.1# ./configure# make & make install

Link

# rm /bin/bash# ln -s /usr/local/bin/bash /bin/bash

The installation is done here, and the next step is to detect the presence of a shellshock vulnerability.

$ env x=‘() { :;}; echo vulnerable‘ bash -c "echo this is a test "

The installation is done here, and the next step is to detect the presence of a shellshock vulnerability.

Attack Set-uid Program

In this experiment, we gain root privileges by attacking the Set-uid program. First, make sure that you have installed a version of Bash with the vulnerability and have/bin/sh point to/bin/bash.

If the setuid (Geteuid ()) statement is removed, try to attack and not get permission.

Third, the experimental experience

This experiment is the last experiment of this semester, I hope that my learning steps have not stopped, but continue to move forward. I know the security of the system is in the continuous analysis of the obtained, there is no absolute security, there is good to find.

Experimental three-Shellshock attack experiment