Experimental three-Shellshock attack experiment

Source: Internet
Author: User

Shellshock Attack experiment

First, the experimental description

September 24, 2014, Bash found a serious vulnerability shellshock, which can be used on many systems and can be triggered either remotely or locally. In this experiment, students need to reproduce the attack to understand the vulnerability and answer some questions.

Second, the preparation of knowledge 1. What is Shellshock?

Shellshock, also known as Bashdoor, is a security vulnerability in the widely used bash shell in Unix, which was first disclosed on September 24, 2014. Many Internet daemons, such as Web servers, use Bash to handle certain commands, allowing an attacker to execute arbitrary code on a vulnerable bash version. This could allow an attacker to access the computer system without authorization. --Excerpt from Wikipedia

2. preparation required for the experiment

Prompt installation is successful, you can query

Iii. contents of the experiment

In this experiment, we gain root privileges by attacking the Set-uid program. First, make sure that you have installed a version of Bash with the vulnerability and have/bin/sh point to/bin/bash. Compile the code below and set it as the SET-UID program to ensure that its owner is root. We know that the system () function will invoke "/BIN/SH-C" to run the specified command, which also means that/bin/bash will be called to take advantage of the Shellshock vulnerability.

#include <stdio.h>

void main()

{

Setuid (Geteuid ());

//Make real UID = effective UID. System ("/bin/ls-l");

}

If Setuid (Geteuid ()) statement is removed, and then try to attack, we can not get access to it?

Failed! This means that if the real UID and the effective UID are the same, the content defined in the environment variable is valid within the program, so that the Shellshock vulnerability can be exploited. However, if the two UID is different, the environment variable will not be able to launch an attack, which can be verified from the source code of Bash (VARIABLES.C, between 308 and 369 lines), please indicate which line is causing the difference, and explain the reason for the design of bash.

Third, the experimental experience

This is the last experiment of this semester, the purpose is to let us have a further understanding of the loopholes in the system, the experimental operation process is not complex, follow the steps to produce results, learned that there is no complete security system, in the cracked can continue to improve!

Experimental three-Shellshock attack experiment

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.