Saturday, September 27, 2014

Reverse Shell via Bash Bug - Shellshock - CVE-2014-6271

In this tutorial, I am going to create reverse tcp shell via bash bug/shellshock. If you guys do not know what is that then kindly refer my first and second tutorial on that.

Before diving into direct reverse tcp shell tutorial, I would like to recap you all guys about reverse tcp shell as this blog is not dedicated to only pros :P like you. (SORRY FOR THE BAD JOKE)

I would like to start this session as an interactive question/answer section.

Friday, September 26, 2014

LFI - The Beauty of BashBug // Shellshock

Hi folks, if you have not seen my previous tutorial on Bash Bug Penetration Testing then kindly check it. In this part of bash bug, I am supplying very small trick to exploit bash via CGI.

Lab setup is the same as previously mentioned in my last tutorial. Also the methodology is the same. 
Limitation in last tutorial of bash bug : In that demonstration I was managed to exploit bash successfully, somehow I could not make sure from client side(my end) that exploitation has gone successful or not. For that I went to vulnerable VM machine and went to that particular directory and checked that the files has been created successfully or not.

Advantage of this technique : In this technique I am making a new header with a variable, in which I will give arbitiary comamnds in order to exploit in the victim''s box. On top of that the result of that command's output will be reflected back at my burp sute's response. So this is the smartness of this payload that we do not need to go to server's end in order to confirm that has our exploitation been successful or not. We can do this by sitting at client side only since the output will be reflected to us.

Thursday, September 25, 2014

Bash-Bug Penetration Testing - Anatomy of Shellshock

A new security vulnerability known as the Bash or Shellshock bug could spell disaster for major digital companies, small-scale Web hosts and even Internet-connected devices.

The quarter-century-old security flaw allows malicious code execution within the bash shell (commonly accessed through Command Prompt on PC or Mac's Terminal application) to take over an operating system and access confidential information.

A post from open-source software company Red Hat warned that "it is common for a lot of programs to run Bash shell in the background," and the bug is "triggered" when extra code is added within the lines of Bash code.