linux
largotek, 2014-11-28 20:31:12

Debian Linux - Shellshock demo stand?

Hello, dear gentlemen. It so happened that you need to build a stand where you can demonstrate the Shellshock vulnerability, but the trouble is, I have never configured a server, and I can't build what I need. Namely, I installed Debian (still an old vulnerable version), set up Apache there, and somehow turned on cgi-bin scripts (and even that's not certain). But it works remotely (
I don't even know what to do anymore, please help.
Debian + Apache + cgi-bin + PHP, and it still doesn't work.


1 answer(s)
Sergey Petrikov, 2014-11-28
@largotek

Install Debian from old disks where bash has not been patched yet, or bring over just bash from an old disk and don't update it.
You can check the system locally with this script:
```bash
#!/bin/bash
# CVE-2014-6271: commands trailing a function definition in an
# environment variable are executed when bash starts.
r=`x="() { :; }; echo x" bash -c ""`
if [ -n "$r" ]; then
    echo -e '\033[91mVulnerable to CVE-2014-6271 (original shellshock)\033[39m'
else
    echo -e '\033[92mNot vulnerable to CVE-2014-6271 (original shellshock)\033[39m'
fi

# CVE-2014-7169: a vulnerable bash leaves a file named "echo" in the
# current directory, so work in /tmp and remove any stale copy first.
cd /tmp;rm echo 2>/dev/null
X='() { function a a>\' bash -c echo 2>/dev/null > /dev/null
if [ -e echo ]; then
    echo -e "\033[91mVulnerable to CVE-2014-7169 (taviso bug)\033[39m"
else
    echo -e "\033[92mNot vulnerable to CVE-2014-7169 (taviso bug)\033[39m"
fi

# CVE-2014-7186: many here-document redirections make a vulnerable bash fail.
bash -c "true $(printf '<<EOF %.0s' {1..79})" 2>/dev/null
if [ $? != 0 ]; then
    echo -e "\033[91mVulnerable to CVE-2014-7186 (redir_stack bug)\033[39m"
else
    echo -e "\033[92mNot vulnerable to CVE-2014-7186 (redir_stack bug)\033[39m"
fi

# CVE-2014-7187: 200 nested loops; a non-zero exit status indicates the bug.
bash -c "`for i in {1..200}; do echo -n "for x$i in; do :;"; done; for i in {1..200}; do echo -n "done;";done`" 2>/dev/null
if [ $? != 0 ]; then
    echo -e "\033[91mVulnerable to CVE-2014-7187 (nested loops off by one)\033[39m"
else
    echo -e "\033[96mTest for CVE-2014-7187 not reliable without address sanitizer\033[39m"
fi

# Does bash still import function definitions from ordinary variables?
r=`a="() { echo x;}" bash -c a 2>/dev/null`
if [ -n "$r" ]; then
    echo -e "\033[93mVariable function parser still active, likely vulnerable to yet unknown parser bugs like CVE-2014-6277 (lcamtuf bug)\033[39m"
else
    echo -e "\033[92mVariable function parser inactive, likely safe from unknown parser bugs\033[39m"
fi
```

If the script showed a vulnerability, then go on to tinker with CGI.
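
An added example, not part of the original answer: the local check only shows that the installed bash is vulnerable, while over Apache the bug is reachable only through CGI programs that bash actually executes, so this lists a cgi-bin directory and flags scripts whose interpreter resolves to bash. The function names are hypothetical, and `/usr/lib/cgi-bin` is assumed to be the CGI directory (Debian's default).

```bash
#!/bin/bash
# Added example: report which CGI scripts in a directory are run by bash.
# Shellshock is only reachable over HTTP when the web server starts bash
# with request-derived environment variables (e.g. HTTP_USER_AGENT).

# Name of the binary an interpreter path really points to. Symlinks are
# followed, so /bin/sh is reported as "dash" on a default Debian install
# and as "bash" on systems where sh is linked to bash.
resolve_interp() {
    local real
    real=$(readlink -f "$1" 2>/dev/null) || real=$1
    basename "${real:-$1}"
}

# Print "<file> TAB <interpreter> TAB <BASH|other>" per regular file in DIR.
cgi_bash_exposure() {
    local dir="$1" f line interp
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # First line only; drop NUL and CR so binaries and CRLF files parse.
        line=$(head -n 1 "$f" 2>/dev/null | tr -d '\000\r')
        case $line in
            '#!'*) line=${line#??} ;;
            *) printf '%s\t-\tother\n' "$f"; continue ;;
        esac
        set -f; set -- $line; set +f      # split "interp [arg ...]"
        interp=$1
        # "#!/usr/bin/env bash": the real interpreter is env's argument.
        if [ "$(basename "${interp:-x}")" = env ] && [ -n "$2" ]; then
            interp=$(command -v "$2" 2>/dev/null || echo "$2")
        fi
        if [ -n "$interp" ] && [ "$(resolve_interp "$interp")" = bash ]; then
            printf '%s\t%s\tBASH\n' "$f" "$interp"
        else
            printf '%s\t%s\tother\n' "$f" "${interp:--}"
        fi
    done
}

# Usage (assumed path): cgi_bash_exposure /usr/lib/cgi-bin
```

Scripts reported as `other` can still reach bash if they spawn it themselves; this only inspects the shebang line.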
