Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
L
L
largotek2014-11-28 20:31:12
linux
largotek, 2014-11-28 20:31:12

Debian Linux - Shellshock demo stand?

Hello dear gentlemen. It so happened that you need to build a stand where you can demonstrate the shellshock vulnerability, but the trouble is, I have never configured the server, and I can’t build what I need. Namely, Debian installed (still an old vulnerable version), raised Apache there, somehow turned on cgi-bin scripts (and that's not a fact). But it works remotely (
I don't even know what to do anymore, please help.
Debian+apache+cgi-bin+ php - and it still doesn't work.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
S
Sergey Petrikov, 2014-11-28
@largotek 

Ставьте дебиан со старых дисков, где еще не полечен bash или притащите только его со старого диска и не обновляйте. 
Локально систему можно проверить скриптом:
r=`x="() { :; }; echo x" bash -c ""`
if [ -n "$r" ]; then
echo -e '\033[91mVulnerable to CVE-2014-6271 (original shellshock)\033[39m'
else
echo -e '\033[92mNot vulnerable to CVE-2014-6271 (original shellshock)\033[39m'
fi
cd /tmp;rm echo 2>/dev/null
X='() { function a a>\' bash -c echo 2>/dev/null > /dev/null
if [ -e echo ]; then
echo -e "\033[91mVulnerable to CVE-2014-7169 (taviso bug)\033[39m"
else
echo -e "\033[92mNot vulnerable to CVE-2014-7169 (taviso bug)\033[39m"
fi
bash -c "true $(printf '<<EOF %.0s' {1..79})" 2>/dev/null
if [ $? != 0 ]; then
echo -e "\033[91mVulnerable to CVE-2014-7186 (redir_stack bug)\033[39m"
else
echo -e "\033[92mNot vulnerable to CVE-2014-7186 (redir_stack bug)\033[39m"
fi
bash -c "`for i in {1..200}; do echo -n "for x$i in; do :;"; done; for i in {1..200}; do echo -n "done;";done`" 2>/dev/null
if [ $? != 0 ]; then
echo -e "\033[91mVulnerable to CVE-2014-7187 (nested loops off by one)\033[39m"
else
echo -e "\033[96mTest for CVE-2014-7187 not reliable without address sanitizer\033[39m"
fi
r=`a="() { echo x;}" bash -c a 2>/dev/null`
if [ -n "$r" ]; then
echo -e "\033[93mVariable function parser still active, likely vulnerable to yet unknown parser bugs like CVE-2014-6277 (lcamtuf bug)\033[39m"
else
echo -e "\033[92mVariable function parser inactive, likely safe from unknown parser bugs\033[39m"
fi

if the script showed a vulnerability, then already conjure with cgi

Similar questions
D
Dmitry Kuznetsov2017-12-05 15:02:08
Why is the state not saved after page reload or are there other options? 1Reply
P
Pavel2020-01-22 22:54:11
anlinux not working! what to do? 0Reply
D
des1roer2017-08-20 11:09:36
Screenshot program for Linux on what to write? 2Reply
C
cyplah2015-09-16 15:30:47
How to compile Ubuntu for phone? 2Reply
V
Valioozz2020-01-23 14:28:10
Are requests for Cgroups CPU shares equal when running Kubernetes on nodes with different number of cores (using Docker)? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question